CESA-2020:3936 -- centos 7 ipa-clientID: oval:org.secpod.oval:def:205618 | Date: (C)2020-10-28 (M)2024-05-22 |
Class: PATCH | Family: unix |
Red Hat Identity Management is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. The following packages have been upgraded to a later upstream version: ipa . Security Fix: * js-jquery: Cross-site scripting via cross-domain ajax requests * bootstrap: XSS in the data-target attribute * bootstrap: Cross-site Scripting in the collapse data-parent attribute * bootstrap: Cross-site Scripting in the data-container property of tooltip. * bootstrap: XSS in the tooltip data-viewport attribute * bootstrap: XSS in the affix configuration target property * bootstrap: XSS in the tooltip or popover data-template attribute * js-jquery: prototype pollution in object"s prototype leading to denial of service or remote code execution or property injection * jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method * ipa: No password length restriction leads to denial of service For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.