CVE-2022-4130

A blind site-to-site request forgery vulnerability was found in Satellite server. It is possible to trigger an external interaction to an attacker's server by modifying the Referer header in an HTTP request of specific resources in the server.

CVSS v3 4.5 MEDIUM

4.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=2145254	Issue Tracking Permissions Required Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2145254	Issue Tracking Permissions Required Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:redhat:satellite:6.9:::::::*
	cpe:2.3:a:redhat:satellite:6.10:::::::*
	cpe:2.3:a:redhat:satellite:6.11:::::::*

History

21 Nov 2024, 07:34

Type	Values Removed	Values Added
Summary		(es) Se encontró una vulnerabilidad de blind site-to-site request forgery en Satellite server. Es posible desencadenar una interacción externa con el servidor de un atacante modificando el encabezado Referer en una solicitud HTTP de recursos específicos en el servidor.
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2145254 - Issue Tracking, Permissions Required, Vendor Advisory~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2145254 - Issue Tracking, Permissions Required, Vendor Advisory

Information

Published : 2022-12-16 16:15

Updated : 2025-04-14 19:15

NVD link : CVE-2022-4130

Mitre link : CVE-2022-4130

CVE.ORG link : CVE-2022-4130

JSON object : View

Products Affected

redhat

satellite

CWE

NVD-CWE-noinfo

{"id": "CVE-2022-4130", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 0.9}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 0.9}]}, "published": "2022-12-16T16:15:25.173", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145254", "tags": ["Issue Tracking", "Permissions Required", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145254", "tags": ["Issue Tracking", "Permissions Required", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "A blind site-to-site request forgery vulnerability was found in Satellite server. It is possible to trigger an external interaction to an attacker's server by modifying the Referer header in an HTTP request of specific resources in the server."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad de blind site-to-site request forgery en Satellite server. Es posible desencadenar una interacci\u00f3n externa con el servidor de un atacante modificando el encabezado Referer en una solicitud HTTP de recursos espec\u00edficos en el servidor."}], "lastModified": "2025-04-14T19:15:34.423", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:satellite:6.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80276170-A9E8-4C26-9373-59E1914C88DD"}, {"criteria": "cpe:2.3:a:redhat:satellite:6.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "590BA9E2-A8D2-4545-9048-02D4ECE28B35"}, {"criteria": "cpe:2.3:a:redhat:satellite:6.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FBF6E338-61C0-4A95-8AC7-F826F68612D0"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}