RHSA-2020:3369
Advisory lineage Upstream: 5 Downstream: 0
Published: 30 Sept 2024, 13:53
Last modified:03 Jun 2026, 10:00
Vulnerability Summary
Overall Risk (default)
medium
30/100 CVSS Score
7.5 HIGH
3.1 (osv_red_hat)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
30 Sept 2024, 13:53
Published
Vulnerability first disclosed
03 Jun 2026, 10:00
Last Modified
Vulnerability information updated
Description
Red Hat Security Advisory: Red Hat OpenShift Service Mesh security update
CVSS Metrics
- v3.1•HIGH•Score: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Systems
- redhat•ior
< 0:1.1.6-1.el8
- redhat•kiali
< 0:v1.12.10.redhat2-1.el7
- redhat•servicemesh
< 0:1.1.6-1.el8
- redhat•servicemesh-citadel
< 0:1.1.6-1.el8
- redhat•servicemesh-cni
< 0:1.1.6-1.el8
- redhat•servicemesh-galley
< 0:1.1.6-1.el8
- redhat•servicemesh-grafana
< 0:6.4.3-13.el8
- redhat•servicemesh-grafana-prometheus
< 0:6.4.3-13.el8
- redhat•servicemesh-istioctl
< 0:1.1.6-1.el8
- redhat•servicemesh-mixc
< 0:1.1.6-1.el8
- redhat•servicemesh-mixs
< 0:1.1.6-1.el8
- redhat•servicemesh-operator
< 0:1.1.6-2.el8
- redhat•servicemesh-pilot-agent
< 0:1.1.6-1.el8
- redhat•servicemesh-pilot-discovery
< 0:1.1.6-1.el8
- redhat•servicemesh-prometheus
< 0:2.14.0-14.el8
- redhat•servicemesh-sidecar-injector
< 0:1.1.6-1.el8
References (30)
- https://access.redhat.com/errata/RHSA-2020:3369
- https://access.redhat.com/security/updates/classification/#moderate
- https://bugzilla.redhat.com/show_bug.cgi?id=1804533
- https://bugzilla.redhat.com/show_bug.cgi?id=1850004
- https://bugzilla.redhat.com/show_bug.cgi?id=1850034
- https://bugzilla.redhat.com/show_bug.cgi?id=1853652
- https://bugzilla.redhat.com/show_bug.cgi?id=1857412
- https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_3369.json
- https://access.redhat.com/security/cve/CVE-2020-8203
- https://www.cve.org/CVERecord?id=CVE-2020-8203
- https://nvd.nist.gov/vuln/detail/CVE-2020-8203
- https://hackerone.com/reports/712065
- https://www.npmjs.com/advisories/1523
- https://access.redhat.com/security/cve/CVE-2020-9283
- https://www.cve.org/CVERecord?id=CVE-2020-9283
- https://nvd.nist.gov/vuln/detail/CVE-2020-9283
- https://groups.google.com/forum/#!topic/golang-announce/3L45YRc91SY
- https://access.redhat.com/security/cve/CVE-2020-11023
- https://www.cve.org/CVERecord?id=CVE-2020-11023
- https://nvd.nist.gov/vuln/detail/CVE-2020-11023
- https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog
- https://access.redhat.com/security/cve/CVE-2020-12666
- https://www.cve.org/CVERecord?id=CVE-2020-12666
- https://nvd.nist.gov/vuln/detail/CVE-2020-12666
- https://access.redhat.com/security/cve/CVE-2020-14040
- https://www.cve.org/CVERecord?id=CVE-2020-14040
- https://nvd.nist.gov/vuln/detail/CVE-2020-14040
- https://github.com/golang/go/issues/39491
- https://groups.google.com/forum/#!topic/golang-announce/bXVeAmGOqz0