rpm package
suse/release-notes-susemanager-proxy&distro=SUSE Manager Proxy 3.2
pkg:rpm/suse/release-notes-susemanager-proxy&distro=SUSE%20Manager%20Proxy%203.2
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-11022 | Med | 6.9 | < 3.2.15-0.16.47.1 | 3.2.15-0.16.47.1 | Apr 29, 2020 | In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. | |
| CVE-2019-10136 | — | < 3.2.9-0.16.27.1 | 3.2.9-0.16.27.1 | Jul 2, 2019 | It was found that Spacewalk, all versions through 2.9, did not safely compute client token checksums. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum. | ||
| CVE-2019-10137 | — | < 3.2.9-0.16.27.1 | 3.2.9-0.16.27.1 | Jul 2, 2019 | A path traversal flaw was found in spacewalk-proxy, all versions through 2.9, in the way the proxy processes cached client tokens. A remote, unauthenticated attacker could use this flaw to test the existence of arbitrary files, if they have access to the proxy's filesystem, or ca |
- affected < 3.2.15-0.16.47.1fixed 3.2.15-0.16.47.1
In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
- CVE-2019-10136Jul 2, 2019affected < 3.2.9-0.16.27.1fixed 3.2.9-0.16.27.1
It was found that Spacewalk, all versions through 2.9, did not safely compute client token checksums. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum.
- CVE-2019-10137Jul 2, 2019affected < 3.2.9-0.16.27.1fixed 3.2.9-0.16.27.1
A path traversal flaw was found in spacewalk-proxy, all versions through 2.9, in the way the proxy processes cached client tokens. A remote, unauthenticated attacker could use this flaw to test the existence of arbitrary files, if they have access to the proxy's filesystem, or ca