A blind site-to-site request forgery vulnerability was found in Satellite server. It is possible to trigger an external interaction to an attacker's server by modifying the Referer header in an HTTP request of specific resources in the server.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=2145254 | Issue Tracking Permissions Required Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
06 Feb 2023, 18:00
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.5 |
21 Dec 2022, 20:16
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
CWE | NVD-CWE-noinfo | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2145254 - Issue Tracking, Permissions Required, Vendor Advisory | |
First Time |
Redhat satellite
Redhat |
|
CPE | cpe:2.3:a:redhat:satellite:6.10:*:*:*:*:*:*:* cpe:2.3:a:redhat:satellite:6.11:*:*:*:*:*:*:* cpe:2.3:a:redhat:satellite:6.9:*:*:*:*:*:*:* |
16 Dec 2022, 17:11
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-12-16 16:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-4130
Mitre link : CVE-2022-4130
CVE.ORG link : CVE-2022-4130
JSON object : View
Products Affected
redhat
- satellite
CWE