CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4320 – Satellite: arithmetic overflow in satellite
https://notcve.org/view.php?id=CVE-2023-4320
18 Dec 2023 — An arithmetic overflow flaw was found in Satellite when creating a new personal access token. This flaw allows an attacker who uses this arithmetic overflow to create personal access tokens that are valid indefinitely, resulting in damage to the system's integrity. Se encontró una falla de desbordamiento aritmético en Satellite al crear un nuevo token de acceso personal. Esta falla permite a un atacante que utiliza este desbordamiento aritmético crear tokens de acceso personal que son válidos indefinidament... • https://access.redhat.com/errata/RHSA-2024:2010 • CWE-613: Insufficient Session Expiration •
CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 0CVE-2023-0118 – Foreman: arbitrary code execution through templates
https://notcve.org/view.php?id=CVE-2023-0118
04 Aug 2023 — An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in templates and execute arbitrary code on the underlying operating system. Se encontró una falla en la ejecución de código arbitrario en Foreman. Esta falla permite a un usuario administrador omitir el modo seguro en las plantillas y ejecutar código arbitrario en el sistema operativo subyacente. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their ... • https://access.redhat.com/errata/RHSA-2023:4466 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-0119 – Foreman: stored cross-site scripting in host tab
https://notcve.org/view.php?id=CVE-2023-0119
01 Jun 2023 — A stored Cross-site scripting vulnerability was found in foreman. The Comment section in the Hosts tab has incorrect filtering of user input data. As a result of the attack, an attacker with an existing account on the system can steal another user's session, make requests on behalf of the user, and obtain user credentials. Se encontró una vulnerabilidad de Cross-Site Scripting almacenada en foreman. La sección Comment en la pestaña Hosts tiene un filtrado incorrecto de los datos de entrada del usuario. • https://access.redhat.com/errata/RHSA-2023:3387 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •