Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-4130

A blind site-to-site request forgery vulnerability was found in Satellite server. It is possible to trigger an external interaction to an attacker's server by modifying the Referer header in an HTTP request of specific resources in the server.

Published

2022-12-16T16:15:25.173

Last Modified

2025-04-14T19:15:34.423

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.5 (MEDIUM)

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	redhat	satellite	6.9	Yes
Application	redhat	satellite	6.10	Yes
Application	redhat	satellite	6.11	Yes

References

https://bugzilla.redhat.com/show_bug.cgi?id=2145254 Issue Tracking, Permissions Required, Vendor Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=2145254 Issue Tracking, Permissions Required, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)