CVE-2020-26247

Upstream information

CVE-2020-26247 at MITRE

Description

Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri before version 1.11.0.rc4 there is an XXE vulnerability. XML Schemas parsed by Nokogiri::XML::Schema are trusted by default, allowing external resources to be accessed over the network, potentially enabling XXE or SSRF attacks. This behavior is counter to the security policy followed by Nokogiri maintainers, which is to treat all input as untrusted by default whenever possible. This is fixed in Nokogiri version 1.11.0.rc4.

---

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores

	National Vulnerability Database
Base Score	4
Vector	AV:N/AC:L/Au:S/C:P/I:N/A:N
Access Vector	Network
Access Complexity	Low
Authentication	Single
Confidentiality Impact	Partial
Integrity Impact	None
Availability Impact	None

CVSS v3 Scores

	National Vulnerability Database	SUSE
Base Score	4.3	5.3
Vector	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector	Network	Network
Attack Complexity	Low	Low
Privileges Required	Low	None
User Interaction	None	None
Scope	Unchanged	Unchanged
Confidentiality Impact	Low	Low
Integrity Impact	None	None
Availability Impact	None	None
CVSSv3 Version	3.1	3.1

SUSE Bugzilla entry: 1180507 [RESOLVED / FIXED]

SUSE Security Advisories:

• SUSE-SU-2021:0210-1, published Mon Jan 25 13:15:21 MST 2021
• SUSE-SU-2021:0251-1, published Mon Feb 1 07:16:51 MST 2021
• SUSE-SU-2021:2554-1, published Wed Jul 28 19:20:07 UTC 2021
• openSUSE-SU-2021:0237-1, published Tue Feb 16 10:27:50 2021

List of released packages

Product(s)	Fixed package version(s)	References
HPE Helion OpenStack 8	ardana-cobbler >= 8.0+git.1614096566.e8c2b27-3.44.3 cassandra >= 3.11.10-5.3.5 cassandra-tools >= 3.11.10-5.3.5 documentation-hpe-helion-openstack-installation >= 8.20210512-1.32.5 documentation-hpe-helion-openstack-operations >= 8.20210512-1.32.5 documentation-hpe-helion-openstack-opsconsole >= 8.20210512-1.32.5 documentation-hpe-helion-openstack-planning >= 8.20210512-1.32.5 documentation-hpe-helion-openstack-security >= 8.20210512-1.32.5 documentation-hpe-helion-openstack-user >= 8.20210512-1.32.5 grafana >= 6.7.4-4.18.2 kibana >= 4.6.6-3.9.2 openstack-heat-templates >= 0.0.0+git.1623056900.7917e18-3.21.3 openstack-monasca-installer >= 20190923_16.32-3.18.2 openstack-nova >= 16.1.9~dev92-3.48.5 openstack-nova-api >= 16.1.9~dev92-3.48.5 openstack-nova-cells >= 16.1.9~dev92-3.48.5 openstack-nova-compute >= 16.1.9~dev92-3.48.5 openstack-nova-conductor >= 16.1.9~dev92-3.48.5 openstack-nova-console >= 16.1.9~dev92-3.48.5 openstack-nova-consoleauth >= 16.1.9~dev92-3.48.5 openstack-nova-doc >= 16.1.9~dev92-3.48.5 openstack-nova-novncproxy >= 16.1.9~dev92-3.48.5 openstack-nova-placement-api >= 16.1.9~dev92-3.48.5 openstack-nova-scheduler >= 16.1.9~dev92-3.48.5 openstack-nova-serialproxy >= 16.1.9~dev92-3.48.5 openstack-nova-vncproxy >= 16.1.9~dev92-3.48.5 python-Django >= 1.11.29-3.25.3 python-elementpath >= 1.3.1-1.3.2 python-eventlet >= 0.20.0-6.3.3 python-nova >= 16.1.9~dev92-3.48.5 python-py >= 1.4.34-3.3.3 python-pysaml2 >= 4.0.2-5.9.2 python-xmlschema >= 1.0.18-1.3.3 venv-openstack-aodh-x86_64 >= 5.1.1~dev7-12.32.3 venv-openstack-barbican-x86_64 >= 5.0.2~dev3-12.33.3 venv-openstack-ceilometer-x86_64 >= 9.0.8~dev7-12.30.3 venv-openstack-cinder-x86_64 >= 11.2.3~dev29-14.34.2 venv-openstack-designate-x86_64 >= 5.0.3~dev7-12.31.3 venv-openstack-freezer-x86_64 >= 5.0.0.0~xrc2~dev2-10.28.3 venv-openstack-glance-x86_64 >= 15.0.3~dev3-12.31.3 venv-openstack-heat-x86_64 >= 9.0.8~dev22-12.33.2 venv-openstack-horizon-hpe-x86_64 >= 12.0.5~dev6-14.36.3 venv-openstack-ironic-x86_64 >= 9.1.8~dev8-12.33.3 venv-openstack-keystone-x86_64 >= 12.0.4~dev11-11.35.3 venv-openstack-magnum-x86_64 >= 5.0.2_5.0.2_5.0.2~dev31-11.32.2 venv-openstack-manila-x86_64 >= 5.1.1~dev5-12.37.3 venv-openstack-monasca-ceilometer-x86_64 >= 1.5.1_1.5.1_1.5.1~dev3-8.28.3 venv-openstack-monasca-x86_64 >= 2.2.2~dev1-11.28.3 venv-openstack-murano-x86_64 >= 4.0.2~dev2-12.28.3 venv-openstack-neutron-x86_64 >= 11.0.9~dev69-13.38.3 venv-openstack-nova-x86_64 >= 16.1.9~dev92-11.36.3 venv-openstack-octavia-x86_64 >= 1.0.6~dev3-12.33.3 venv-openstack-sahara-x86_64 >= 7.0.5~dev4-11.32.3 venv-openstack-swift-x86_64 >= 2.15.2_2.15.2_2.15.2~dev32-11.23.3 venv-openstack-trove-x86_64 >= 8.0.2~dev2-11.32.3	Patchnames: HPE-Helion-OpenStack-8-2021-2554
Image SLES15-SAP-Azure Image SLES15-SAP-Azure-BYOS Image SLES15-SAP-Azure-LI-BYOS-Production Image SLES15-SAP-Azure-VLI-BYOS-Production Image SLES15-SAP-EC2-HVM Image SLES15-SAP-EC2-HVM-BYOS Image SLES15-SAP-GCE Image SLES15-SAP-GCE-BYOS Image SLES15-SAP-OCI-BYOS Image SLES15-SP1-SAP-Azure Image SLES15-SP1-SAP-Azure-BYOS Image SLES15-SP1-SAP-Azure-LI-BYOS-Production Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production Image SLES15-SP1-SAP-EC2-HVM Image SLES15-SP1-SAP-EC2-HVM-BYOS Image SLES15-SP1-SAP-GCE Image SLES15-SP1-SAP-GCE-BYOS Image SLES15-SP1-SAP-OCI-BYOS Image SLES15-SP2-SAP-Azure Image SLES15-SP2-SAP-Azure-LI-BYOS-Production Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production Image SLES15-SP2-SAP-BYOS-Azure Image SLES15-SP2-SAP-BYOS-EC2-HVM Image SLES15-SP2-SAP-BYOS-GCE Image SLES15-SP2-SAP-EC2-HVM Image SLES15-SP2-SAP-GCE Image SLES15-SP3-BYOS-Azure Image SLES15-SP3-BYOS-EC2-HVM Image SLES15-SP3-BYOS-GCE Image SLES15-SP3-EC2-HVM Image SLES15-SP3-GCE Image SLES15-SP3-HPC-Azure Image SLES15-SP3-HPC-BYOS-Azure Image SLES15-SP3-HPC-BYOS-EC2-HVM Image SLES15-SP3-HPC-BYOS-GCE Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM Image SLES15-SP3-Manager-4-2-Proxy-BYOS-GCE Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE Image SLES15-SP3-SAP-Azure Image SLES15-SP3-SAP-Azure-LI-BYOS-Production Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production Image SLES15-SP3-SAP-BYOS-Azure Image SLES15-SP3-SAP-BYOS-EC2-HVM Image SLES15-SP3-SAP-BYOS-GCE Image SLES15-SP3-SAP-EC2-HVM Image SLES15-SP3-SAP-GCE Image SLES15-SP3-SAPCAL-Azure Image SLES15-SP3-SAPCAL-EC2-HVM Image SLES15-SP3-SAPCAL-GCE	ruby2.5-rubygem-nokogiri >= 1.8.5-3.6.1
SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15 SP3 SUSE Linux Enterprise High Performance Computing 15 SP3 SUSE Linux Enterprise Module for Basesystem 15 SP3 SUSE Linux Enterprise Server 15 SP3 SUSE Linux Enterprise Server for SAP Applications 15 SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2	ruby2.5-rubygem-nokogiri >= 1.8.5-3.6.1	Patchnames: SUSE Linux Enterprise Module for Basesystem 15 SP3 GA ruby2.5-rubygem-nokogiri-1.8.5-3.6.1 SUSE Linux Enterprise Module for Basesystem 15 SP3 GA rubygem-nokogiri-1.8.5-3.6.1
SUSE Linux Enterprise Desktop 15 SP4 SUSE Linux Enterprise High Performance Computing 15 SP4 SUSE Linux Enterprise Module for Basesystem 15 SP4 SUSE Linux Enterprise Server 15 SP4 SUSE Linux Enterprise Server for SAP Applications 15 SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3	ruby2.5-rubygem-nokogiri >= 1.8.5-150400.12.4	Patchnames: SUSE Linux Enterprise Module for Basesystem 15 SP4 GA ruby2.5-rubygem-nokogiri-1.8.5-150400.12.4
SUSE Linux Enterprise Desktop 15 SP5 SUSE Linux Enterprise High Performance Computing 15 SP5 SUSE Linux Enterprise Module for Basesystem 15 SP5 SUSE Linux Enterprise Server 15 SP5 SUSE Linux Enterprise Server for SAP Applications 15 SP5	ruby2.5-rubygem-nokogiri >= 1.8.5-150400.14.3.1	Patchnames: SUSE Linux Enterprise Module for Basesystem 15 SP5 GA ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1
SUSE Linux Enterprise Desktop 15 SP6 SUSE Linux Enterprise High Performance Computing 15 SP6 SUSE Linux Enterprise Module for Basesystem 15 SP6 SUSE Linux Enterprise Server 15 SP6 SUSE Linux Enterprise Server for SAP Applications 15 SP6	ruby2.5-rubygem-nokogiri >= 1.8.5-150400.14.3.1	Patchnames: SUSE Linux Enterprise Module for Basesystem 15 SP6 GA ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1
SUSE Linux Enterprise High Availability Extension 15 SP1	ruby2.5-rubygem-nokogiri >= 1.8.5-3.6.1	Patchnames: SUSE-SLE-Product-HA-15-SP1-2021-251
SUSE Linux Enterprise High Availability Extension 15 SP2	ruby2.5-rubygem-nokogiri >= 1.8.5-3.6.1	Patchnames: SUSE-SLE-Product-HA-15-SP2-2021-251
SUSE Linux Enterprise High Availability Extension 15	ruby2.5-rubygem-nokogiri >= 1.8.5-3.6.1	Patchnames: SUSE-SLE-Product-HA-15-2021-251
SUSE OpenStack Cloud 7	ruby2.1-rubygem-nokogiri >= 1.6.1-5.3.1	Patchnames: SUSE-OpenStack-Cloud-7-2021-210
SUSE OpenStack Cloud 8	ardana-cobbler >= 8.0+git.1614096566.e8c2b27-3.44.3 cassandra >= 3.11.10-5.3.5 cassandra-tools >= 3.11.10-5.3.5 documentation-suse-openstack-cloud-installation >= 8.20210512-1.32.5 documentation-suse-openstack-cloud-operations >= 8.20210512-1.32.5 documentation-suse-openstack-cloud-opsconsole >= 8.20210512-1.32.5 documentation-suse-openstack-cloud-planning >= 8.20210512-1.32.5 documentation-suse-openstack-cloud-security >= 8.20210512-1.32.5 documentation-suse-openstack-cloud-supplement >= 8.20210512-1.32.5 documentation-suse-openstack-cloud-upstream-admin >= 8.20210512-1.32.5 documentation-suse-openstack-cloud-upstream-user >= 8.20210512-1.32.5 documentation-suse-openstack-cloud-user >= 8.20210512-1.32.5 grafana >= 6.7.4-4.18.2 kibana >= 4.6.6-3.9.2 openstack-heat-templates >= 0.0.0+git.1623056900.7917e18-3.21.3 openstack-monasca-installer >= 20190923_16.32-3.18.2 openstack-nova >= 16.1.9~dev92-3.48.5 openstack-nova-api >= 16.1.9~dev92-3.48.5 openstack-nova-cells >= 16.1.9~dev92-3.48.5 openstack-nova-compute >= 16.1.9~dev92-3.48.5 openstack-nova-conductor >= 16.1.9~dev92-3.48.5 openstack-nova-console >= 16.1.9~dev92-3.48.5 openstack-nova-consoleauth >= 16.1.9~dev92-3.48.5 openstack-nova-doc >= 16.1.9~dev92-3.48.5 openstack-nova-novncproxy >= 16.1.9~dev92-3.48.5 openstack-nova-placement-api >= 16.1.9~dev92-3.48.5 openstack-nova-scheduler >= 16.1.9~dev92-3.48.5 openstack-nova-serialproxy >= 16.1.9~dev92-3.48.5 openstack-nova-vncproxy >= 16.1.9~dev92-3.48.5 python-Django >= 1.11.29-3.25.3 python-elementpath >= 1.3.1-1.3.2 python-eventlet >= 0.20.0-6.3.3 python-nova >= 16.1.9~dev92-3.48.5 python-py >= 1.4.34-3.3.3 python-pysaml2 >= 4.0.2-5.9.2 python-xmlschema >= 1.0.18-1.3.3 venv-openstack-aodh-x86_64 >= 5.1.1~dev7-12.32.3 venv-openstack-barbican-x86_64 >= 5.0.2~dev3-12.33.3 venv-openstack-ceilometer-x86_64 >= 9.0.8~dev7-12.30.3 venv-openstack-cinder-x86_64 >= 11.2.3~dev29-14.34.2 venv-openstack-designate-x86_64 >= 5.0.3~dev7-12.31.3 venv-openstack-freezer-x86_64 >= 5.0.0.0~xrc2~dev2-10.28.3 venv-openstack-glance-x86_64 >= 15.0.3~dev3-12.31.3 venv-openstack-heat-x86_64 >= 9.0.8~dev22-12.33.2 venv-openstack-horizon-x86_64 >= 12.0.5~dev6-14.36.6 venv-openstack-ironic-x86_64 >= 9.1.8~dev8-12.33.3 venv-openstack-keystone-x86_64 >= 12.0.4~dev11-11.35.3 venv-openstack-magnum-x86_64 >= 5.0.2_5.0.2_5.0.2~dev31-11.32.2 venv-openstack-manila-x86_64 >= 5.1.1~dev5-12.37.3 venv-openstack-monasca-ceilometer-x86_64 >= 1.5.1_1.5.1_1.5.1~dev3-8.28.3 venv-openstack-monasca-x86_64 >= 2.2.2~dev1-11.28.3 venv-openstack-murano-x86_64 >= 4.0.2~dev2-12.28.3 venv-openstack-neutron-x86_64 >= 11.0.9~dev69-13.38.3 venv-openstack-nova-x86_64 >= 16.1.9~dev92-11.36.3 venv-openstack-octavia-x86_64 >= 1.0.6~dev3-12.33.3 venv-openstack-sahara-x86_64 >= 7.0.5~dev4-11.32.3 venv-openstack-swift-x86_64 >= 2.15.2_2.15.2_2.15.2~dev32-11.23.3 venv-openstack-trove-x86_64 >= 8.0.2~dev2-11.32.3	Patchnames: SUSE-OpenStack-Cloud-8-2021-2554
SUSE OpenStack Cloud Crowbar 8	cassandra >= 3.11.10-5.3.5 cassandra-tools >= 3.11.10-5.3.5 crowbar-core >= 5.0+git.1622489449.a8e60e238-3.50.4 crowbar-core-branding-upstream >= 5.0+git.1622489449.a8e60e238-3.50.4 crowbar-openstack >= 5.0+git.1616001417.67fd9c2a1-4.52.5 documentation-suse-openstack-cloud-deployment >= 8.20210512-1.32.5 documentation-suse-openstack-cloud-supplement >= 8.20210512-1.32.5 documentation-suse-openstack-cloud-upstream-admin >= 8.20210512-1.32.5 documentation-suse-openstack-cloud-upstream-user >= 8.20210512-1.32.5 grafana >= 6.7.4-4.18.2 kibana >= 4.6.6-3.9.2 openstack-heat-templates >= 0.0.0+git.1623056900.7917e18-3.21.3 openstack-monasca-installer >= 20190923_16.32-3.18.2 openstack-nova >= 16.1.9~dev92-3.48.5 openstack-nova-api >= 16.1.9~dev92-3.48.5 openstack-nova-cells >= 16.1.9~dev92-3.48.5 openstack-nova-compute >= 16.1.9~dev92-3.48.5 openstack-nova-conductor >= 16.1.9~dev92-3.48.5 openstack-nova-console >= 16.1.9~dev92-3.48.5 openstack-nova-consoleauth >= 16.1.9~dev92-3.48.5 openstack-nova-doc >= 16.1.9~dev92-3.48.5 openstack-nova-novncproxy >= 16.1.9~dev92-3.48.5 openstack-nova-placement-api >= 16.1.9~dev92-3.48.5 openstack-nova-scheduler >= 16.1.9~dev92-3.48.5 openstack-nova-serialproxy >= 16.1.9~dev92-3.48.5 openstack-nova-vncproxy >= 16.1.9~dev92-3.48.5 python-Django >= 1.11.29-3.25.3 python-elementpath >= 1.3.1-1.3.2 python-eventlet >= 0.20.0-6.3.3 python-nova >= 16.1.9~dev92-3.48.5 python-py >= 1.4.34-3.3.3 python-pysaml2 >= 4.0.2-5.9.2 python-xmlschema >= 1.0.18-1.3.3 ruby2.1-rubygem-activerecord-session_store >= 0.1.2-3.3.2 ruby2.1-rubygem-nokogiri >= 1.6.1-5.3.1	Patchnames: SUSE-OpenStack-Cloud-Crowbar-8-2021-210 SUSE-OpenStack-Cloud-Crowbar-8-2021-2554
SUSE OpenStack Cloud Crowbar 9	ruby2.1-rubygem-nokogiri >= 1.6.1-5.3.1	Patchnames: SUSE-OpenStack-Cloud-Crowbar-9-2021-210
openSUSE Leap 15.2	ruby2.5-rubygem-nokogiri >= 1.8.5-lp152.4.3.1 ruby2.5-rubygem-nokogiri-doc >= 1.8.5-lp152.4.3.1 ruby2.5-rubygem-nokogiri-testsuite >= 1.8.5-lp152.4.3.1	Patchnames: openSUSE-2021-237
openSUSE Leap 15.3	ruby2.5-rubygem-nokogiri >= 1.8.5-3.6.1	Patchnames: openSUSE Leap 15.3 GA ruby2.5-rubygem-nokogiri-1.8.5-3.6.1
openSUSE Leap 15.4	ruby2.5-rubygem-nokogiri >= 1.8.5-150400.12.4	Patchnames: openSUSE Leap 15.4 GA ruby2.5-rubygem-nokogiri-1.8.5-150400.12.4

---

First public cloud image revisions this CVE is fixed in:

• amazon/suse-manager-4-2-proxy-byos-v20210924-hvm-ssd-x86_64
• amazon/suse-manager-4-2-server-byos-v20210924-hvm-ssd-x86_64
• amazon/suse-sles-15-sp3-byos-v20210924-hvm-ssd-arm64
• amazon/suse-sles-15-sp3-byos-v20210924-hvm-ssd-x86_64
• amazon/suse-sles-15-sp3-v20210924-hvm-ssd-arm64
• amazon/suse-sles-15-sp3-v20210924-hvm-ssd-x86_64
• amazon/suse-sles-hpc-15-sp3-byos-v20210924-hvm-ssd-x86_64
• amazon/suse-sles-sap-15-sp3-byos-v20210924-hvm-ssd-x86_64
• google/sles-15-sap-byos-v20210209
• google/sles-15-sap-v20210209
• google/sles-15-sp1-sap-byos-v20210208
• google/sles-15-sp1-sap-v20210208
• google/sles-15-sp2-sap-byos-v20210204
• google/sles-15-sp2-sap-v20210204
• google/sles-15-sp3-byos-v20210812
• google/sles-15-sp3-sap-byos-v20210812
• google/sles-15-sp3-sap-v20210812
• google/sles-15-sp3-sapcal-v20210812
• google/sles-15-sp3-v20210812
• google/suse-manager-4-2-proxy-byos-v20210812
• google/suse-manager-4-2-server-byos-v20210812
• microsoft/suse-manager-4-2-proxy-byos-v20210924
• microsoft/suse-manager-4-2-server-byos-v20210924
• microsoft/suse-sles-15-sp3-basic-v20210924
• microsoft/suse-sles-15-sp3-byos-v20210924
• microsoft/suse-sles-15-sp3-hpc-byos-v20210924
• microsoft/suse-sles-15-sp3-hpc-v20210924
• microsoft/suse-sles-15-sp3-sapcal-v20220120
• microsoft/suse-sles-15-sp3-v20210924
• microsoft/suse-sles-sap-15-sp1-byos-v20210210
• microsoft/suse-sles-sap-15-sp2-byos-v20210216
• microsoft/suse-sles-sap-15-sp2-byos-v20210303
• microsoft/suse-sles-sap-15-sp2-v20210205
• microsoft/suse-sles-sap-15-sp3-byos-v20210924
• microsoft/suse-sles-sap-15-sp3-v20210924
• oracle/sles-15-sp2-sap-byos-v20210303

---

Status of this issue by product and package

Please note that this evaluation state might be work in progress, incomplete or outdated. Also information for service packs in the LTSS phase is only included for issues meeting the LTSS criteria. If in doubt, feel free to contact us for clarification. The updates are grouped by state of their lifecycle. SUSE product lifecycles are documented on the lifecycle page.

Product(s)	Source package	State
Products under Long Term Service Pack support and receiving important and critical security fixes.
SUSE Linux Enterprise High Availability Extension 15 SP2	rubygem-nokogiri	Released
SUSE Linux Enterprise High Performance Computing 15 SP3	rubygem-nokogiri	Released
SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS	rubygem-nokogiri	Affected
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS	rubygem-nokogiri	Affected
SUSE Linux Enterprise Module for Basesystem 15 SP3	rubygem-nokogiri	Released
SUSE Linux Enterprise Server 15 SP3	rubygem-nokogiri	Released
SUSE Linux Enterprise Server 15 SP3-LTSS	rubygem-nokogiri	Affected
SUSE Linux Enterprise Server for SAP Applications 15 SP3	rubygem-nokogiri	Released
Products past their end of life and not receiving proactive updates anymore.
HPE Helion OpenStack 8	ardana-cobbler	Released
HPE Helion OpenStack 8	cassandra	Released
HPE Helion OpenStack 8	documentation-hpe-helion-openstack-installation	Released
HPE Helion OpenStack 8	documentation-hpe-helion-openstack-operations	Released
HPE Helion OpenStack 8	documentation-hpe-helion-openstack-opsconsole	Released
HPE Helion OpenStack 8	documentation-hpe-helion-openstack-planning	Released
HPE Helion OpenStack 8	documentation-hpe-helion-openstack-security	Released
HPE Helion OpenStack 8	documentation-hpe-helion-openstack-user	Released
HPE Helion OpenStack 8	grafana	Released
HPE Helion OpenStack 8	kibana	Released
HPE Helion OpenStack 8	openstack-heat-templates	Released
HPE Helion OpenStack 8	openstack-monasca-installer	Released
HPE Helion OpenStack 8	openstack-nova	Released
HPE Helion OpenStack 8	openstack-nova-doc	Released
HPE Helion OpenStack 8	python-Django	Released
HPE Helion OpenStack 8	python-elementpath	Released
HPE Helion OpenStack 8	python-eventlet	Released
HPE Helion OpenStack 8	python-py	Released
HPE Helion OpenStack 8	python-pysaml2	Released
HPE Helion OpenStack 8	python-xmlschema	Released
HPE Helion OpenStack 8	venv-openstack-aodh	Released
HPE Helion OpenStack 8	venv-openstack-barbican	Released
HPE Helion OpenStack 8	venv-openstack-ceilometer	Released
HPE Helion OpenStack 8	venv-openstack-cinder	Released
HPE Helion OpenStack 8	venv-openstack-designate	Released
HPE Helion OpenStack 8	venv-openstack-freezer	Released
HPE Helion OpenStack 8	venv-openstack-glance	Released
HPE Helion OpenStack 8	venv-openstack-heat	Released
HPE Helion OpenStack 8	venv-openstack-horizon-hpe	Released
HPE Helion OpenStack 8	venv-openstack-ironic	Released
HPE Helion OpenStack 8	venv-openstack-keystone	Released
HPE Helion OpenStack 8	venv-openstack-magnum	Released
HPE Helion OpenStack 8	venv-openstack-manila	Released
HPE Helion OpenStack 8	venv-openstack-monasca	Released
HPE Helion OpenStack 8	venv-openstack-monasca-ceilometer	Released
HPE Helion OpenStack 8	venv-openstack-murano	Released
HPE Helion OpenStack 8	venv-openstack-neutron	Released
HPE Helion OpenStack 8	venv-openstack-nova	Released
HPE Helion OpenStack 8	venv-openstack-octavia	Released
HPE Helion OpenStack 8	venv-openstack-sahara	Released
HPE Helion OpenStack 8	venv-openstack-swift	Released
HPE Helion OpenStack 8	venv-openstack-trove	Released
SUSE Enterprise Storage 2.1	rubygem-nokogiri	Affected
SUSE Enterprise Storage 3	rubygem-nokogiri	Affected
SUSE Enterprise Storage 4	rubygem-nokogiri	Affected
SUSE Enterprise Storage 7.1	rubygem-nokogiri	Released
SUSE Linux Enterprise Desktop 15 SP3	rubygem-nokogiri	Released
SUSE Linux Enterprise High Availability Extension 15	rubygem-nokogiri	Released
SUSE Linux Enterprise High Availability Extension 15 SP1	rubygem-nokogiri	Released
SUSE Linux Enterprise Real Time 15 SP3	rubygem-nokogiri	Affected
SUSE Linux Enterprise Server 15 SP3-BCL	rubygem-nokogiri	Affected
SUSE Manager Proxy 4.2	rubygem-nokogiri	Released
SUSE Manager Retail Branch Server 4.2	rubygem-nokogiri	Released
SUSE Manager Server 4.2	rubygem-nokogiri	Released
SUSE OpenStack Cloud 6	rubygem-nokogiri	Affected
SUSE OpenStack Cloud 6-LTSS	rubygem-nokogiri	Affected
SUSE OpenStack Cloud 7	rubygem-nokogiri	Released
SUSE OpenStack Cloud 8	ardana-cobbler	Released
SUSE OpenStack Cloud 8	cassandra	Released
SUSE OpenStack Cloud 8	documentation-suse-openstack-cloud-installation	Released
SUSE OpenStack Cloud 8	documentation-suse-openstack-cloud-operations	Released
SUSE OpenStack Cloud 8	documentation-suse-openstack-cloud-opsconsole	Released
SUSE OpenStack Cloud 8	documentation-suse-openstack-cloud-planning	Released
SUSE OpenStack Cloud 8	documentation-suse-openstack-cloud-security	Released
SUSE OpenStack Cloud 8	documentation-suse-openstack-cloud-supplement	Released
SUSE OpenStack Cloud 8	documentation-suse-openstack-cloud-upstream-admin	Released
SUSE OpenStack Cloud 8	documentation-suse-openstack-cloud-upstream-user	Released
SUSE OpenStack Cloud 8	documentation-suse-openstack-cloud-user	Released
SUSE OpenStack Cloud 8	grafana	Released
SUSE OpenStack Cloud 8	kibana	Released
SUSE OpenStack Cloud 8	openstack-heat-templates	Released
SUSE OpenStack Cloud 8	openstack-monasca-installer	Released
SUSE OpenStack Cloud 8	openstack-nova	Released
SUSE OpenStack Cloud 8	openstack-nova-doc	Released
SUSE OpenStack Cloud 8	python-Django	Released
SUSE OpenStack Cloud 8	python-elementpath	Released
SUSE OpenStack Cloud 8	python-eventlet	Released
SUSE OpenStack Cloud 8	python-py	Released
SUSE OpenStack Cloud 8	python-pysaml2	Released
SUSE OpenStack Cloud 8	python-xmlschema	Released
SUSE OpenStack Cloud 8	venv-openstack-aodh	Released
SUSE OpenStack Cloud 8	venv-openstack-barbican	Released
SUSE OpenStack Cloud 8	venv-openstack-ceilometer	Released
SUSE OpenStack Cloud 8	venv-openstack-cinder	Released
SUSE OpenStack Cloud 8	venv-openstack-designate	Released
SUSE OpenStack Cloud 8	venv-openstack-freezer	Released
SUSE OpenStack Cloud 8	venv-openstack-glance	Released
SUSE OpenStack Cloud 8	venv-openstack-heat	Released
SUSE OpenStack Cloud 8	venv-openstack-horizon	Released
SUSE OpenStack Cloud 8	venv-openstack-ironic	Released
SUSE OpenStack Cloud 8	venv-openstack-keystone	Released
SUSE OpenStack Cloud 8	venv-openstack-magnum	Released
SUSE OpenStack Cloud 8	venv-openstack-manila	Released
SUSE OpenStack Cloud 8	venv-openstack-monasca	Released
SUSE OpenStack Cloud 8	venv-openstack-monasca-ceilometer	Released
SUSE OpenStack Cloud 8	venv-openstack-murano	Released
SUSE OpenStack Cloud 8	venv-openstack-neutron	Released
SUSE OpenStack Cloud 8	venv-openstack-nova	Released
SUSE OpenStack Cloud 8	venv-openstack-octavia	Released
SUSE OpenStack Cloud 8	venv-openstack-sahara	Released
SUSE OpenStack Cloud 8	venv-openstack-swift	Released
SUSE OpenStack Cloud 8	venv-openstack-trove	Released
SUSE OpenStack Cloud Crowbar 8	cassandra	Released
SUSE OpenStack Cloud Crowbar 8	crowbar-core	Released
SUSE OpenStack Cloud Crowbar 8	crowbar-openstack	Released
SUSE OpenStack Cloud Crowbar 8	documentation-suse-openstack-cloud-deployment	Released
SUSE OpenStack Cloud Crowbar 8	documentation-suse-openstack-cloud-supplement	Released
SUSE OpenStack Cloud Crowbar 8	documentation-suse-openstack-cloud-upstream-admin	Released
SUSE OpenStack Cloud Crowbar 8	documentation-suse-openstack-cloud-upstream-user	Released
SUSE OpenStack Cloud Crowbar 8	grafana	Released
SUSE OpenStack Cloud Crowbar 8	kibana	Released
SUSE OpenStack Cloud Crowbar 8	openstack-heat-templates	Released
SUSE OpenStack Cloud Crowbar 8	openstack-monasca-installer	Released
SUSE OpenStack Cloud Crowbar 8	openstack-nova	Released
SUSE OpenStack Cloud Crowbar 8	openstack-nova-doc	Released
SUSE OpenStack Cloud Crowbar 8	python-Django	Released
SUSE OpenStack Cloud Crowbar 8	python-elementpath	Released
SUSE OpenStack Cloud Crowbar 8	python-eventlet	Released
SUSE OpenStack Cloud Crowbar 8	python-py	Released
SUSE OpenStack Cloud Crowbar 8	python-pysaml2	Released
SUSE OpenStack Cloud Crowbar 8	python-xmlschema	Released
SUSE OpenStack Cloud Crowbar 8	rubygem-activerecord-session_store	Released
SUSE OpenStack Cloud Crowbar 8	rubygem-nokogiri	Released
SUSE OpenStack Cloud Crowbar 9	crowbar-core	Released
SUSE OpenStack Cloud Crowbar 9	rubygem-nokogiri	Released
openSUSE Leap 15.3	rubygem-nokogiri	Affected

---

SUSE Timeline for this CVE

CVE page created: Thu Dec 31 02:36:22 2020
CVE page last modified: Fri Nov 15 13:58:04 2024