CVE-2022-4130

Severity: 4.5 MEDIUM
EPSS: 0.1% (top 68.97%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products: see Affected Packages below
Timeline
Published: Dec 16
Latest update: Jan 16

Description

A blind server-side request forgery (SSRF) vulnerability was found in Satellite server. By modifying the Referer header in an HTTP request for specific resources on the server, it is possible to make the server issue an outbound request to an attacker-controlled host; the response is not returned to the attacker (blind SSRF).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N
Exploitability: 0.9 | Impact: 3.6

Affected Packages (2 packages)

CVEList V5: satellite_server (Satellite Server) 6.9, 6.10, 6.11
NVD: redhat/satellite 6.10, 6.11, 6.9 (+2 more)

Vulnerability Details (2)

GHSA: GHSA-qq54-c3p8-j5hg: A blind site-to-site request forgery vulnerability was found in Satellite server (2022-12-21)
CVEList: CVE-2022-4130: A blind site-to-site request forgery vulnerability was found in Satellite server (2022-12-16)

Vendor Advisories (1)

Red Hat: satellite: Blind SSRF via Referer header (2023-01-16)