CVE-2023-4320

CWE-613 — Insufficient Session Expiration5 documents5 sources

Severity

7.5HIGH

EPSS

0.1%

top 84.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Satellite

Timeline

PublishedDec 18

Latest updateDec 30

Description

An arithmetic overflow flaw was found in Satellite when creating a new personal access token. This flaw allows an attacker who uses this arithmetic overflow to create personal access tokens that are valid indefinitely, resulting in damage to the system's integrity.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:LExploitability: 2.8 | Impact: 4.7

Affected Packages1 packages

▶NVDredhat/satellite< 6.13

🔴Vulnerability Details

GHSA

GHSA-7v43-v54c-p26h: An arithmetic overflow flaw was found in Satellite when creating a new personal access token↗2023-12-30

▶

CVEList

Satellite: arithmetic overflow in satellite↗2023-12-18

▶

VulnCheck

Red Hat satellite Insufficient Session Expiration↗2023

▶

📋Vendor Advisories

Red Hat

satellite: arithmetic overflow in satellite↗2023-08-14

▶