Vulnerabilities > CVE-2022-4130 - Unspecified vulnerability in Redhat Satellite 6.10/6.11/6.9

CVSS 4.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

redhat

NVD

Published: 2022-12-16

Updated: 2023-02-06

Summary

A blind site-to-site request forgery vulnerability was found in Satellite server. It is possible to trigger an external interaction to an attacker's server by modifying the Referer header in an HTTP request of specific resources in the server.

Vulnerable Configurations

Part	Description	Count
Application	Redhat Redhat Satellite 6.11 Redhat Satellite 6.9 Redhat Satellite 6.10	3

References

https://bugzilla.redhat.com/show_bug.cgi?id=2145254