Red Hat: CVE-2022-4130: Important: Satellite 6.14 security and bug fix update (RHSA-2023:6818)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:M/Au:M/C:N/I:C/A:N) | Dec 16, 2022 | Nov 13, 2023 | Jan 28, 2025 |
Description
A blind site-to-site request forgery vulnerability was found in Satellite server. It is possible to trigger an external interaction to an attacker's server by modifying the Referer header in an HTTP request of specific resources in the server.
Solutions
- redhat-upgrade-foreman-cli
- redhat-upgrade-python39-pulp_manifest
- redhat-upgrade-rubygem-amazing_print
- redhat-upgrade-rubygem-apipie-bindings
- redhat-upgrade-rubygem-clamp
- redhat-upgrade-rubygem-domain_name
- redhat-upgrade-rubygem-fast_gettext
- redhat-upgrade-rubygem-ffi
- redhat-upgrade-rubygem-ffi-debuginfo
- redhat-upgrade-rubygem-ffi-debugsource
- redhat-upgrade-rubygem-foreman_maintain
- redhat-upgrade-rubygem-gssapi
- redhat-upgrade-rubygem-hammer_cli
- redhat-upgrade-rubygem-hammer_cli_foreman
- redhat-upgrade-rubygem-hammer_cli_foreman_admin
- redhat-upgrade-rubygem-hammer_cli_foreman_ansible
- redhat-upgrade-rubygem-hammer_cli_foreman_azure_rm
- redhat-upgrade-rubygem-hammer_cli_foreman_bootdisk
- redhat-upgrade-rubygem-hammer_cli_foreman_discovery
- redhat-upgrade-rubygem-hammer_cli_foreman_google
- redhat-upgrade-rubygem-hammer_cli_foreman_openscap
- redhat-upgrade-rubygem-hammer_cli_foreman_remote_execution
- redhat-upgrade-rubygem-hammer_cli_foreman_tasks
- redhat-upgrade-rubygem-hammer_cli_foreman_templates
- redhat-upgrade-rubygem-hammer_cli_foreman_virt_who_configure
- redhat-upgrade-rubygem-hammer_cli_foreman_webhooks
- redhat-upgrade-rubygem-hammer_cli_katello
- redhat-upgrade-rubygem-hashie
- redhat-upgrade-rubygem-highline
- redhat-upgrade-rubygem-http-accept
- redhat-upgrade-rubygem-http-cookie
- redhat-upgrade-rubygem-jwt
- redhat-upgrade-rubygem-little-plugger
- redhat-upgrade-rubygem-locale
- redhat-upgrade-rubygem-logging
- redhat-upgrade-rubygem-mime-types
- redhat-upgrade-rubygem-mime-types-data
- redhat-upgrade-rubygem-multi_json
- redhat-upgrade-rubygem-netrc
- redhat-upgrade-rubygem-oauth
- redhat-upgrade-rubygem-oauth-tty
- redhat-upgrade-rubygem-powerbar
- redhat-upgrade-rubygem-rest-client
- redhat-upgrade-rubygem-snaky_hash
- redhat-upgrade-rubygem-unf
- redhat-upgrade-rubygem-unf_ext
- redhat-upgrade-rubygem-unf_ext-debuginfo
- redhat-upgrade-rubygem-unf_ext-debugsource
- redhat-upgrade-rubygem-unicode
- redhat-upgrade-rubygem-unicode-debuginfo
- redhat-upgrade-rubygem-unicode-debugsource
- redhat-upgrade-rubygem-unicode-display_width
- redhat-upgrade-rubygem-version_gem
- redhat-upgrade-satellite
- redhat-upgrade-satellite-branding
- redhat-upgrade-satellite-cli
- redhat-upgrade-satellite-clone
- redhat-upgrade-satellite-maintain