CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4320 – Satellite: arithmetic overflow in satellite
https://notcve.org/view.php?id=CVE-2023-4320
An arithmetic overflow flaw was found in Satellite when creating a new personal access token. This flaw allows an attacker who uses this arithmetic overflow to create personal access tokens that are valid indefinitely, resulting in damage to the system's integrity. Se encontró una falla de desbordamiento aritmético en Satellite al crear un nuevo token de acceso personal. Esta falla permite a un atacante que utiliza este desbordamiento aritmético crear tokens de acceso personal que son válidos indefinidamente, lo que daña la integridad del sistema. • https://access.redhat.com/errata/RHSA-2024:2010 https://access.redhat.com/security/cve/CVE-2023-4320 https://bugzilla.redhat.com/show_bug.cgi?id=2231814 • CWE-613: Insufficient Session Expiration •
CVSS: 4.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-4130 – satellite: Blind SSRF via Referer header
https://notcve.org/view.php?id=CVE-2022-4130
A blind site-to-site request forgery vulnerability was found in Satellite server. It is possible to trigger an external interaction to an attacker's server by modifying the Referer header in an HTTP request of specific resources in the server. Se encontró una vulnerabilidad de blind site-to-site request forgery en Satellite server. Es posible desencadenar una interacción externa con el servidor de un atacante modificando el encabezado Referer en una solicitud HTTP de recursos específicos en el servidor. • https://bugzilla.redhat.com/show_bug.cgi?id=2145254 https://access.redhat.com/security/cve/CVE-2022-4130 • CWE-918: Server-Side Request Forgery (SSRF) •