Vulnerabilities > CVE-2023-4320 - Insufficient Session Expiration vulnerability in Redhat Satellite

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

redhat

CWE-613

NVD

Published: 2023-12-18

Updated: 2024-04-25

Summary

An arithmetic overflow flaw was found in Satellite when creating a new personal access token. This flaw allows an attacker who uses this arithmetic overflow to create personal access tokens that are valid indefinitely, resulting in damage to the system's integrity.

Vulnerable Configurations

Part	Description	Count
Application	Redhat Redhat Satellite 3.7 Redhat Satellite 4.0 Redhat Satellite 4.1 Redhat Satellite 4.2 Redhat Satellite 5 Redhat Satellite 5.0 Redhat Satellite 5.1 Redhat Satellite 5.1.1 Redhat Satellite 5.2 Redhat Satellite 5.3 Redhat Satellite 5.4 Redhat Satellite 5.4.1 Redhat Satellite 5.5 Redhat Satellite 5.6 Redhat Satellite 5.7 Redhat Satellite 5.8 Redhat Satellite 5.8.0 Redhat Satellite 6.0 Redhat Satellite 6.0.3 Redhat Satellite 6.0.5 Redhat Satellite 6.0.6 Redhat Satellite 6.0.7 Redhat Satellite 6.0.8 Redhat Satellite 6.1 Redhat Satellite 6.1.2 Redhat Satellite 6.1.3 Redhat Satellite 6.1.4 Redhat Satellite 6.1.5 Redhat Satellite 6.1.6 Redhat Satellite 6.1.7 Redhat Satellite 6.1.8 Redhat Satellite 6.1.9 Redhat Satellite 6.1.10 Redhat Satellite 6.1.11 Redhat Satellite 6.1.12 Redhat Satellite 6.2 Redhat Satellite 6.2.1 Redhat Satellite 6.2.2 Redhat Satellite 6.2.3 Redhat Satellite 6.2.4 Redhat Satellite 6.2.5 Redhat Satellite 6.2.6 Redhat Satellite 6.2.7 Redhat Satellite 6.2.8 Redhat Satellite 6.2.9 Redhat Satellite 6.2.10 Redhat Satellite 6.2.11 Redhat Satellite 6.2.12 Redhat Satellite 6.2.13 Redhat Satellite 6.2.14 Redhat Satellite 6.2.15 Redhat Satellite 6.2.16 Redhat Satellite 6.3 Redhat Satellite 6.3.1 Redhat Satellite 6.3.2 Redhat Satellite 6.3.3 Redhat Satellite 6.3.4 Redhat Satellite 6.3.5 Redhat Satellite 6.4 Redhat Satellite 6.4.1 Redhat Satellite 6.4.2 Redhat Satellite 6.4.3 Redhat Satellite 6.4.4 Redhat Satellite 6.5 Redhat Satellite 6.5.1 Redhat Satellite 6.5.2 Redhat Satellite 6.5.3 Redhat Satellite 6.6 Redhat Satellite 6.6.1 Redhat Satellite 6.6.2 Redhat Satellite 6.6.3 Redhat Satellite 6.7 Redhat Satellite 6.7.1 Redhat Satellite 6.7.2 Redhat Satellite 6.7.3 Redhat Satellite 6.7.4 Redhat Satellite 6.7.5 Redhat Satellite 6.8 Redhat Satellite 6.8.1 Redhat Satellite 6.8.2 Redhat Satellite 6.8.3 Redhat Satellite 6.8.4 Redhat Satellite 6.8.5 Redhat Satellite 6.8.6 Redhat Satellite 6.9 Redhat Satellite 6.9.1 Redhat Satellite 6.9.2 Redhat Satellite 6.9.3 Redhat Satellite 6.9.4 Redhat Satellite 6.9.5 Redhat Satellite 6.9.6 Redhat Satellite 6.9.7 Redhat Satellite 6.9.8 Redhat Satellite 6.9.9 Redhat Satellite 6.9.10 Redhat Satellite 6.10 Redhat Satellite 6.10.1 Redhat Satellite 6.10.2 Redhat Satellite 6.10.3 Redhat Satellite 6.10.4 Redhat Satellite 6.10.4-1 Redhat Satellite 6.10.5 Redhat Satellite 6.10.5-1 Redhat Satellite 6.10.6 Redhat Satellite 6.10.7 Redhat Satellite 6.10.7.1 Redhat Satellite 6.10.7.2 Redhat Satellite 6.11 Redhat Satellite 6.11.1 Redhat Satellite 6.11.1.1 Redhat Satellite 6.11.2 Redhat Satellite 6.11.3 Redhat Satellite 6.11.4 Redhat Satellite 6.11.4.1 Redhat Satellite 6.11.5 Redhat Satellite 6.11.5.1 Redhat Satellite 6.11.5.2 Redhat Satellite 6.11.5.3 Redhat Satellite 6.11.5.4 Redhat Satellite 6.12 Redhat Satellite 6.12.1 Redhat Satellite 6.12.2 Redhat Satellite 6.12.3 Redhat Satellite 6.12.4 Redhat Satellite 6.12.4.1 Redhat Satellite 6.12.5	146

Common Weakness Enumeration (CWE)

CWE-613 - Insufficient Session Expiration

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References