CVE-2020-11023 - Vulnerability Details

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is in the KEV database since Jan. 23, 2025.

Exploitation active

Automatable no

Technical Impact partial

Vendors	Products
Debian	Debian Linux
Drupal	Drupal
Fedoraproject	Fedora
Jquery	Jquery
Netapp	H300e H300e Firmware H300s H300s Firmware H410c H410c Firmware H410s H410s Firmware H500e H500e Firmware H500s H500s Firmware H700e H700e Firmware H700s H700s Firmware Max Data Oncommand Insight Oncommand System Manager Snap Creator Framework Snapcenter Server
Oracle	Application Express Application Testing Suite Banking Enterprise Collections Banking Platform Business Intelligence Communications Analytics Communications Eagle Application Processor Communications Element Manager Communications Interactive Session Recorder Communications Operations Monitor Communications Services Gatekeeper Communications Session Report Manager Communications Session Route Manager Financial Services Regulatory Reporting For De Nederlandsche Bank Financial Services Revenue Management And Billing Analytics Health Sciences Inform Healthcare Translational Research Hyperion Financial Reporting Jd Edwards Enterpriseone Orchestrator Jd Edwards Enterpriseone Tools Oss Support Tools Peoplesoft Enterprise Human Capital Management Resources Primavera Gateway Rest Data Services Siebel Mobile Storagetek Acsls Storagetek Tape Analytics Sw Tool Webcenter Sites Weblogic Server
Redhat	Amq Interconnect Ansible Tower Discovery Enterprise Linux Jboss Enterprise Application Platform Jboss Single Sign On Openshift Openstack Red Hat Single Sign On Rhel Aus Rhel E4s Rhel Els Rhel Eus Rhel Tus Rhev Manager Service Mesh
Tenable	Log Correlation Engine

Configuration 1 [-]

cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 3 [-]

OR	cpe:2.3:o:fedoraproject:fedora:31:::::::*
	cpe:2.3:o:fedoraproject:fedora:32:::::::*
	cpe:2.3:o:fedoraproject:fedora:33:::::::*

Configuration 4 [-]

OR	cpe:2.3:a:drupal:drupal::::::::
	cpe:2.3:a:drupal:drupal::::::::
	cpe:2.3:a:drupal:drupal::::::::

Configuration 5 [-]

OR	cpe:2.3:a:oracle:application_express::::::::
	cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:::::::*
	cpe:2.3:a:oracle:banking_enterprise_collections::::::::
	cpe:2.3:a:oracle:banking_platform::::::::
	cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0::::enterprise:::
	cpe:2.3:a:oracle:communications_analytics:12.1.1:::::::*
	cpe:2.3:a:oracle:communications_eagle_application_processor::::::::
	cpe:2.3:a:oracle:communications_element_manager:8.1.1:::::::*
	cpe:2.3:a:oracle:communications_element_manager:8.2.0:::::::*
	cpe:2.3:a:oracle:communications_element_manager:8.2.1:::::::*
	cpe:2.3:a:oracle:communications_interactive_session_recorder::::::::
	cpe:2.3:a:oracle:communications_operations_monitor::::::::
	cpe:2.3:a:oracle:communications_operations_monitor:3.4:::::::*
	cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:::::::*
	cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:::::::*
	cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:::::::*
	cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:::::::*
	cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:::::::*
	cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:::::::*
	cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:::::::*
	cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_de_nederlandsche_bank:8.0.4:::::::*
	cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7:::::::*
	cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.8:::::::*
	cpe:2.3:a:oracle:health_sciences_inform:6.3.0:::::::*
	cpe:2.3:a:oracle:healthcare_translational_research:3.2.1:::::::*
	cpe:2.3:a:oracle:healthcare_translational_research:3.3.1:::::::*
	cpe:2.3:a:oracle:healthcare_translational_research:3.3.2:::::::*
	cpe:2.3:a:oracle:healthcare_translational_research:3.4.0:::::::*
	cpe:2.3:a:oracle:hyperion_financial_reporting:11.1.2.4:::::::*
	cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator::::::::
	cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools::::::::
	cpe:2.3:a:oracle:oss_support_tools::::::::
	cpe:2.3:a:oracle:peoplesoft_enterprise_human_capital_management_resources:9.2:::::::*
	cpe:2.3:a:oracle:primavera_gateway::::::::
	cpe:2.3:a:oracle:primavera_gateway::::::::
	cpe:2.3:a:oracle:primavera_gateway::::::::
	cpe:2.3:a:oracle:primavera_gateway::::::::
	cpe:2.3:a:oracle:rest_data_services:11.2.0.4::::-:::
	cpe:2.3:a:oracle:rest_data_services:12.1.0.2::::-:::
	cpe:2.3:a:oracle:rest_data_services:12.2.0.1::::-:::
	cpe:2.3:a:oracle:rest_data_services:18c::::-:::
	cpe:2.3:a:oracle:rest_data_services:19c::::-:::
	cpe:2.3:a:oracle:siebel_mobile::::::::
	cpe:2.3:a:oracle:storagetek_acsls:8.5.1:::::::*
	cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.1:::::::*
	cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:::::::*
	cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:::::::*
	cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:::::::*
	cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:::::::*
	cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*
	cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*

Configuration 6 [-]

AND

cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*

Configuration 14 [-]

OR	cpe:2.3:a:netapp:max_data:-:::::::*
	cpe:2.3:a:netapp:oncommand_insight:-:::::::*
	cpe:2.3:a:netapp:oncommand_system_manager::::::::
	cpe:2.3:a:netapp:snap_creator_framework:-:::::::*
	cpe:2.3:a:netapp:snapcenter_server:-:::::::*

Configuration 15 [-]

cpe:2.3:a:tenable:log_correlation_engine:*:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
A-MQ Interconnect 1.y for RHEL 6
qpid-dispatch-0:1.13.0-3.el6_10	cpe:/a:redhat:amq_interconnect:1::el6	RHSA-2020:4211	2020-10-08T00:00:00Z
A-MQ Interconnect 1.y for RHEL 7
qpid-dispatch-0:1.13.0-3.el7	cpe:/a:redhat:amq_interconnect:1::el7	RHSA-2020:4211	2020-10-08T00:00:00Z
A-MQ Interconnect 1.y for RHEL 8
qpid-dispatch-0:1.13.0-3.el8	cpe:/a:redhat:amq_interconnect:1::el8	RHSA-2020:4211	2020-10-08T00:00:00Z
Discovery 1 for RHEL 9
discovery/discovery-server-rhel9:1.12.0-1	cpe:/o:redhat:discovery:1.0::el9	RHSA-2025:1249	2025-02-10T00:00:00Z
discovery/discovery-ui-rhel9:1.12.0-1	cpe:/o:redhat:discovery:1.0::el9	RHSA-2025:1249	2025-02-10T00:00:00Z
Openshift Service Mesh 1.1
kiali-0:v1.12.10.redhat2-1.el7	cpe:/a:redhat:service_mesh:1.1::el7	RHSA-2020:3369	2020-08-06T00:00:00Z
OpenShift Service Mesh 1.1
ior-0:1.1.6-1.el8	cpe:/a:redhat:service_mesh:1.1::el8	RHSA-2020:3369	2020-08-06T00:00:00Z
servicemesh-0:1.1.6-1.el8	cpe:/a:redhat:service_mesh:1.1::el8	RHSA-2020:3369	2020-08-06T00:00:00Z
servicemesh-cni-0:1.1.6-1.el8	cpe:/a:redhat:service_mesh:1.1::el8	RHSA-2020:3369	2020-08-06T00:00:00Z
servicemesh-grafana-0:6.4.3-13.el8	cpe:/a:redhat:service_mesh:1.1::el8	RHSA-2020:3369	2020-08-06T00:00:00Z
servicemesh-operator-0:1.1.6-2.el8	cpe:/a:redhat:service_mesh:1.1::el8	RHSA-2020:3369	2020-08-06T00:00:00Z
servicemesh-prometheus-0:2.14.0-14.el8	cpe:/a:redhat:service_mesh:1.1::el8	RHSA-2020:3369	2020-08-06T00:00:00Z
Red Hat Ansible Tower 3.6 for RHEL 7
ansible-tower-36/ansible-tower:3.6.7-1	cpe:/a:redhat:ansible_tower:3.6::el7	RHSA-2021:0778	2021-03-09T00:00:00Z
Red Hat Ansible Tower 3.7 for RHEL 7
ansible-tower-37/ansible-tower-rhel7:3.7.4-1	cpe:/a:redhat:ansible_tower:3.7::el7	RHSA-2020:5249	2020-11-30T00:00:00Z
Red Hat Enterprise Linux 7
ipa-0:4.6.8-5.el7_9.4	cpe:/o:redhat:enterprise_linux:7	RHSA-2021:0860	2021-03-16T00:00:00Z
pcs-0:0.9.169-3.el7_9.3	cpe:/o:redhat:enterprise_linux:7	RHSA-2022:7343	2022-11-02T00:00:00Z
Red Hat Enterprise Linux 7.7 Advanced Update Support
doxygen-1:1.8.5-3.el7_7.1	cpe:/o:redhat:rhel_aus:7.7	RHSA-2025:1256	2025-02-10T00:00:00Z
ipa-0:4.6.5-11.el7_7.5	cpe:/o:redhat:rhel_aus:7.7	RHSA-2025:1514	2025-02-17T00:00:00Z
gcc-0:4.8.5-40.el7_7	cpe:/o:redhat:rhel_aus:7.7	RHSA-2025:1580	2025-02-17T00:00:00Z
Red Hat Enterprise Linux 7 Extended Lifecycle Support
doxygen-1:1.8.5-4.el7_9.1	cpe:/o:redhat:rhel_els:7	RHSA-2025:1255	2025-02-10T00:00:00Z
gcc-0:4.8.5-45.el7_9	cpe:/o:redhat:rhel_els:7	RHSA-2025:1601	2025-02-17T00:00:00Z
Red Hat Enterprise Linux 8
pki-core:10.6-8030020200911215836.5ff1562f	cpe:/a:redhat:enterprise_linux:8	RHSA-2020:4847	2020-11-04T00:00:00Z
pki-deps:10.6-8030020200527165326.30b713e6	cpe:/a:redhat:enterprise_linux:8	RHSA-2020:4847	2020-11-04T00:00:00Z
idm:client-8040020210319141812.479738cf	cpe:/a:redhat:enterprise_linux:8	RHSA-2021:1846	2021-05-18T00:00:00Z
idm:DL1-8040020210319141752.1f8cbe47	cpe:/a:redhat:enterprise_linux:8	RHSA-2021:1846	2021-05-18T00:00:00Z
tbb-0:2018.2-10.el8_10.1	cpe:/a:redhat:enterprise_linux:8	RHSA-2025:1215	2025-02-10T00:00:00Z
gcc-0:8.5.0-23.el8_10	cpe:/a:redhat:enterprise_linux:8	RHSA-2025:1301	2025-02-11T00:00:00Z
gcc-toolset-13-gcc-0:13.3.1-2.2.el8_10	cpe:/a:redhat:enterprise_linux:8	RHSA-2025:1306	2025-02-11T00:00:00Z
gcc-toolset-14-gcc-0:14.2.1-7.1.el8_10	cpe:/a:redhat:enterprise_linux:8	RHSA-2025:1338	2025-02-12T00:00:00Z
doxygen-1:1.8.14-13.el8_10	cpe:/a:redhat:enterprise_linux:8::crb	RHSA-2025:1314	2025-02-11T00:00:00Z
pcs-0:0.10.10-4.el8	cpe:/a:redhat:enterprise_linux:8::highavailability	RHSA-2021:4142	2021-11-09T00:00:00Z
gcc-0:8.5.0-23.el8_10	cpe:/o:redhat:enterprise_linux:8	RHSA-2025:1301	2025-02-11T00:00:00Z
Red Hat Enterprise Linux 8.2 Advanced Update Support
tbb-0:2018.2-9.el8_2.1	cpe:/a:redhat:rhel_aus:8.2	RHSA-2025:1217	2025-02-10T00:00:00Z
gcc-0:8.3.1-8.el8_2	cpe:/a:redhat:rhel_aus:8.2	RHSA-2025:1310	2025-02-11T00:00:00Z
idm:DL1-8020020250212111622.792f4060	cpe:/a:redhat:rhel_aus:8.2	RHSA-2025:1515	2025-02-17T00:00:00Z
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
tbb-0:2018.2-10.el8_4.1	cpe:/a:redhat:rhel_aus:8.4	RHSA-2025:1212	2025-02-10T00:00:00Z
gcc-0:8.4.1-1.4.el8_4	cpe:/a:redhat:rhel_aus:8.4	RHSA-2025:1312	2025-02-11T00:00:00Z
Red Hat Enterprise Linux 8.4 Telecommunications Update Service
tbb-0:2018.2-10.el8_4.1	cpe:/a:redhat:rhel_tus:8.4	RHSA-2025:1212	2025-02-10T00:00:00Z
gcc-0:8.4.1-1.4.el8_4	cpe:/a:redhat:rhel_tus:8.4	RHSA-2025:1312	2025-02-11T00:00:00Z
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
tbb-0:2018.2-10.el8_4.1	cpe:/a:redhat:rhel_e4s:8.4	RHSA-2025:1212	2025-02-10T00:00:00Z
gcc-0:8.4.1-1.4.el8_4	cpe:/a:redhat:rhel_e4s:8.4	RHSA-2025:1312	2025-02-11T00:00:00Z
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
tbb-0:2018.2-10.el8_6.1	cpe:/a:redhat:rhel_aus:8.6	RHSA-2025:1216	2025-02-10T00:00:00Z
gcc-0:8.5.0-10.4.el8_6	cpe:/a:redhat:rhel_aus:8.6	RHSA-2025:1308	2025-02-11T00:00:00Z
Red Hat Enterprise Linux 8.6 Telecommunications Update Service
tbb-0:2018.2-10.el8_6.1	cpe:/a:redhat:rhel_tus:8.6	RHSA-2025:1216	2025-02-10T00:00:00Z
gcc-0:8.5.0-10.4.el8_6	cpe:/a:redhat:rhel_tus:8.6	RHSA-2025:1308	2025-02-11T00:00:00Z
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
tbb-0:2018.2-10.el8_6.1	cpe:/a:redhat:rhel_e4s:8.6	RHSA-2025:1216	2025-02-10T00:00:00Z
gcc-0:8.5.0-10.4.el8_6	cpe:/a:redhat:rhel_e4s:8.6	RHSA-2025:1308	2025-02-11T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
tbb-0:2018.2-10.el8_8.1	cpe:/a:redhat:rhel_eus:8.8	RHSA-2025:1214	2025-02-10T00:00:00Z
gcc-0:8.5.0-18.3.el8_8	cpe:/a:redhat:rhel_eus:8.8	RHSA-2025:1311	2025-02-11T00:00:00Z
doxygen-1:1.8.14-13.el8_8	cpe:/a:redhat:rhel_eus:8.8::crb	RHSA-2025:1247	2025-02-10T00:00:00Z
Red Hat Enterprise Linux 9
tbb-0:2020.3-8.el9_5.1	cpe:/a:redhat:enterprise_linux:9	RHSA-2025:1210	2025-02-10T00:00:00Z
gcc-toolset-14-gcc-0:14.2.1-1.3.el9_5	cpe:/a:redhat:enterprise_linux:9	RHSA-2025:1300	2025-02-11T00:00:00Z
gcc-toolset-13-gcc-0:13.3.1-2.2.el9_5	cpe:/a:redhat:enterprise_linux:9	RHSA-2025:1309	2025-02-11T00:00:00Z
gcc-0:11.5.0-5.el9_5	cpe:/a:redhat:enterprise_linux:9	RHSA-2025:1346	2025-02-12T00:00:00Z
doxygen-1:1.9.1-12.el9_5	cpe:/a:redhat:enterprise_linux:9::crb	RHSA-2025:1329	2025-02-11T00:00:00Z
gcc-0:11.5.0-5.el9_5	cpe:/o:redhat:enterprise_linux:9	RHSA-2025:1346	2025-02-12T00:00:00Z
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
tbb-0:2020.3-8.el9_0.1	cpe:/a:redhat:rhel_e4s:9.0	RHSA-2025:1213	2025-02-10T00:00:00Z
gcc-0:11.2.1-9.5.el9_0	cpe:/a:redhat:rhel_e4s:9.0	RHSA-2025:1305	2025-02-11T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
tbb-0:2020.3-8.el9_2.1	cpe:/a:redhat:rhel_eus:9.2	RHSA-2025:1209	2025-02-10T00:00:00Z
gcc-0:11.3.1-4.4.el9_2	cpe:/a:redhat:rhel_eus:9.2	RHSA-2025:1303	2025-02-11T00:00:00Z
doxygen-1:1.9.1-12.el9_2	cpe:/a:redhat:rhel_eus:9.2::crb	RHSA-2025:1185	2025-02-10T00:00:00Z
Red Hat Enterprise Linux 9.4 Extended Update Support
tbb-0:2020.3-8.el9_4.1	cpe:/a:redhat:rhel_eus:9.4	RHSA-2025:1211	2025-02-10T00:00:00Z
gcc-0:11.4.1-4.el9_4	cpe:/a:redhat:rhel_eus:9.4	RHSA-2025:1304	2025-02-11T00:00:00Z
gcc-toolset-13-gcc-0:13.3.1-2.2.el9_4	cpe:/a:redhat:rhel_eus:9.4	RHSA-2025:1342	2025-02-12T00:00:00Z
doxygen-1:1.9.1-12.el9_4	cpe:/a:redhat:rhel_eus:9.4::crb	RHSA-2025:1315	2025-02-11T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7
jquery	cpe:/a:redhat:jboss_enterprise_application_platform:7.4	RHSA-2023:0556	2023-01-31T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8
eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2023:0553	2023-01-31T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9
eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2023:0554	2023-01-31T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7
eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2023:0552	2023-01-31T00:00:00Z
Red Hat OpenShift Container Platform 4.5
openshift4/ose-console:v4.5.0-202007012112.p0	cpe:/a:redhat:openshift:4.5::el7	RHSA-2020:2412	2020-07-13T00:00:00Z
Red Hat OpenShift Container Platform 4.6
openshift4/ose-grafana:v4.6.0-202010061132.p0	cpe:/a:redhat:openshift:4.6::el8	RHSA-2020:4298	2020-10-27T00:00:00Z
openshift4/ose-prometheus:v4.6.0-202009290409.p0	cpe:/a:redhat:openshift:4.6::el8	RHSA-2020:4298	2020-10-27T00:00:00Z
Red Hat OpenStack Platform 16.1
python-XStatic-jQuery224-0:2.2.4.1-3.el8ost	cpe:/a:redhat:openstack:16.1::el8	RHSA-2020:5412	2020-12-15T00:00:00Z
Red Hat OpenStack Platform 16.2
python-django20-0:2.0.13-19.el8ost	cpe:/a:redhat:openstack:16.2::el8	RHSA-2025:1070	2025-02-05T00:00:00Z
Red Hat Single Sign-On 7
keycloak-idp-jquery	cpe:/a:redhat:red_hat_single_sign_on:7.6	RHSA-2023:1049	2023-03-01T00:00:00Z
Red Hat Single Sign-On 7.4.1
js-jquery	cpe:/a:redhat:jboss_single_sign_on:7.4	RHSA-2020:2813	2020-07-02T00:00:00Z
Red Hat Single Sign-On 7.6 for RHEL 7
rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso	cpe:/a:redhat:red_hat_single_sign_on:7.6::el7	RHSA-2023:1043	2023-03-01T00:00:00Z
Red Hat Single Sign-On 7.6 for RHEL 8
rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso	cpe:/a:redhat:red_hat_single_sign_on:7.6::el8	RHSA-2023:1044	2023-03-01T00:00:00Z
Red Hat Single Sign-On 7.6 for RHEL 9
rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso	cpe:/a:redhat:red_hat_single_sign_on:7.6::el9	RHSA-2023:1045	2023-03-01T00:00:00Z
Red Hat Virtualization Engine 4.4
ovirt-engine-ui-extensions-0:1.2.2-1.el8ev	cpe:/a:redhat:rhev_manager:4.4:el8	RHSA-2020:3247	2020-08-04T00:00:00Z
ovirt-web-ui-0:1.6.4-1.el8ev	cpe:/a:redhat:rhev_manager:4.4:el8	RHSA-2020:3807	2020-09-23T00:00:00Z
org.ovirt.engine-root-0:4.5.2.4-1	cpe:/a:redhat:rhev_manager:4.4:el8	RHSA-2022:6393	2022-09-08T00:00:00Z

References

Link	Providers
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html
http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html
https://blog.jquery.com/2020/04/10/jquery-3-5-0-released
https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
https://github.com/github/advisory-database/blob/99afa6fdeaf5d1d23e1021ff915a5e5dbc82c1f1/advisories/github-reviewed/2020/04/GHSA-jpcq-cgw6-v4j6/GHSA-jpcq-cgw6-v4j6.json#L20-L37
https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6
https://jquery.com/upgrade-guide/3.5/
https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6%40%3Cdev.felix.apache.org%3E
https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c%40%3Cgitbox.hive.apache.org%3E
https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330%40%3Cdev.felix.apache.org%3E
https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef%40%3Cdev.felix.apache.org%3E
https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16%40%3Cdev.felix.apache.org%3E
https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494%40%3Cdev.felix.apache.org%3E
https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c%40%3Ccommits.felix.apache.org%3E
https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e%40%3Cdev.felix.apache.org%3E
https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac%40%3Cgitbox.hive.apache.org%3E
https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72%40%3Cgitbox.hive.apache.org%3E
https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c%40%3Cgitbox.hive.apache.org%3E
https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9%40%3Ccommits.hive.apache.org%3E
https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61%40%3Cgitbox.hive.apache.org%3E
https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67%40%3Cdev.flink.apache.org%3E
https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679%40%3Ccommits.nifi.apache.org%3E
https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817%40%3Cdev.felix.apache.org%3E
https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93%40%3Cgitbox.hive.apache.org%3E
https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248%40%3Cdev.hive.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html
https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/
https://nvd.nist.gov/vuln/detail/CVE-2020-11023
https://security.gentoo.org/glsa/202007-03
https://security.netapp.com/advisory/ntap-20200511-0006/
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
https://www.cve.org/CVERecord?id=CVE-2020-11023
https://www.debian.org/security/2020/dsa-4693
https://www.drupal.org/sa-core-2020-002
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpujul2022.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.tenable.com/security/tns-2021-02
https://www.tenable.com/security/tns-2021-10

History

Thu, 13 Feb 2025 02:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/o:redhat:enterprise_linux:9

Thu, 13 Feb 2025 00:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat discovery Redhat rhel Aus Redhat rhel E4s Redhat rhel Els Redhat rhel Eus Redhat rhel Tus
CPEs		cpe:/a:redhat:enterprise_linux:8::crb cpe:/a:redhat:enterprise_linux:9 cpe:/a:redhat:enterprise_linux:9::crb cpe:/a:redhat:openstack:16.2::el8 cpe:/a:redhat:rhel_aus:8.2 cpe:/a:redhat:rhel_aus:8.4 cpe:/a:redhat:rhel_aus:8.6 cpe:/a:redhat:rhel_e4s:8.4 cpe:/a:redhat:rhel_e4s:8.6 cpe:/a:redhat:rhel_e4s:9.0 cpe:/a:redhat:rhel_eus:8.8 cpe:/a:redhat:rhel_eus:8.8::crb cpe:/a:redhat:rhel_eus:9.2 cpe:/a:redhat:rhel_eus:9.2::crb cpe:/a:redhat:rhel_eus:9.4 cpe:/a:redhat:rhel_eus:9.4::crb cpe:/a:redhat:rhel_tus:8.4 cpe:/a:redhat:rhel_tus:8.6 cpe:/o:redhat:discovery:1.0::el9 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:rhel_aus:7.7 cpe:/o:redhat:rhel_els:7
Vendors & Products		Redhat discovery Redhat rhel Aus Redhat rhel E4s Redhat rhel Els Redhat rhel Eus Redhat rhel Tus
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Mon, 10 Feb 2025 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2025-01-23'}`

Thu, 23 Jan 2025 21:30:00 +0000

Type	Values Removed	Values Added
References		https://github.com/github/advisory-database/blob/99afa6fdeaf5d1d23e1021ff915a5e5dbc82c1f1/advisories/github-reviewed/2020/04/GHSA-jpcq-cgw6-v4j6/GHSA-jpcq-cgw6-v4j6.json#L20-L37

Thu, 23 Jan 2025 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2020-04-29T00:00:00.000Z

Updated: 2025-02-10T18:30:49.172Z

Reserved: 2020-03-30T00:00:00.000Z

Link: CVE-2020-11023

Vulnrichment

Updated: 2025-01-23T21:07:47.681Z

NVD

Status : Modified

Published: 2020-04-29T21:15:11.743

Modified: 2025-01-24T02:00:02.453

Link: CVE-2020-11023

Redhat

Severity : Moderate

Publid Date: 2020-04-29T00:00:00Z

Links: CVE-2020-11023 - Bugzilla

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Exploitation active

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object