CVE-2022-4130

EUVD-2022-51495
A blind site-to-site request forgery vulnerability was found in Satellite server. It is possible to trigger an external interaction to an attacker's server by modifying the Referer header in an HTTP request of specific resources in the server.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.5 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N
CISA-ADPADP
4.5 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 30%
Affected Products (NVD)
VendorProductVersion
redhatsatellite
6.9
redhatsatellite
6.10
redhatsatellite
6.11
𝑥
= Vulnerable software versions
References
https://bugzilla.redhat.com/show_bug.cgi?id=2145254
https://bugzilla.redhat.com/show_bug.cgi?id=2145254