CVE-2022-4130

EPSS 0.1%
Published 16.12.2022 16:15:25
Last modified 14.04.2025 19:15:34
Source secalert@redhat.com
Teams watchlist Login
Open Login

A blind site-to-site request forgery vulnerability was found in Satellite server. It is possible to trigger an external interaction to an attacker's server by modifying the Referer header in an HTTP request of specific resources in the server.

Affected products Warnungen 0 Metrics 3 CWE 0 References 4

Data is provided by the National Vulnerability Database (NVD)

Redhat ≫ Satellite Version6.9

Redhat ≫ Satellite Version6.10

Redhat ≫ Satellite Version6.11

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.1%	0.279

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.5	0.9	3.6	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	4.5	0.9	3.6	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N

https://bugzilla.redhat.com/show_bug.cgi?id=2145254

Vendor Advisory

Issue Tracking

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2022-4130

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-4130

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-4130

EUVD