CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4320 – Satellite: arithmetic overflow in satellite
https://notcve.org/view.php?id=CVE-2023-4320
An arithmetic overflow flaw was found in Satellite when creating a new personal access token. This flaw allows an attacker who uses this arithmetic overflow to create personal access tokens that are valid indefinitely, resulting in damage to the system's integrity. Se encontró una falla de desbordamiento aritmético en Satellite al crear un nuevo token de acceso personal. Esta falla permite a un atacante que utiliza este desbordamiento aritmético crear tokens de acceso personal que son válidos indefinidamente, lo que daña la integridad del sistema. • https://access.redhat.com/errata/RHSA-2024:2010 https://access.redhat.com/security/cve/CVE-2023-4320 https://bugzilla.redhat.com/show_bug.cgi?id=2231814 • CWE-613: Insufficient Session Expiration •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-14380 – Satellite: Local user impersonation by Single sign-on (SSO) user leads to account takeover
https://notcve.org/view.php?id=CVE-2020-14380
An account takeover flaw was found in Red Hat Satellite 6.7.2 onward. A potential attacker with proper authentication to the relevant external authentication source (SSO or Open ID) can claim the privileges of already existing local users of Satellite. Se ha encontrado un fallo de toma de posesión de cuentas en Red Hat Satellite versiones 6.7.2 en adelante. Un potencial atacante con la autenticación apropiada a la fuente de autenticación externa relevante (SSO u Open ID) puede reclamar los privilegios de los usuarios locales ya existentes de Satellite Red Hat Satellite's external authentication component is vulnerable to a full account takeover flaw. This flaw allows an attacker with an authenticated account on Single sign-on (SSO) to gain elevated privileges of existing local users. • https://bugzilla.redhat.com/show_bug.cgi?id=1873926 https://access.redhat.com/security/cve/CVE-2020-14380 • CWE-287: Improper Authentication •