CVE-2023-4320
7.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
0.001 Low
EPSS
Percentile
21.7%
An arithmetic overflow flaw was found in Satellite when creating a new personal access token. This flaw allows an attacker who uses this arithmetic overflow to create personal access tokens that are valid indefinitely, resulting in damage to the system’s integrity.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| redhat:satellite | redhat satellite | lt | 6.13 |
CNA Affected
[
{
"vendor": "Red Hat",
"product": "Red Hat Satellite 6.15 for RHEL 8",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "foreman",
"defaultStatus": "affected",
"versions": [
{
"version": "0:3.9.1.6-1.el8sat",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:satellite_utils:6.15::el8",
"cpe:/a:redhat:satellite:6.15::el8",
"cpe:/a:redhat:satellite_maintenance:6.15::el8",
"cpe:/a:redhat:satellite_capsule:6.15::el8"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Satellite 6.15 for RHEL 8",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "foreman",
"defaultStatus": "affected",
"versions": [
{
"version": "0:3.9.1.6-1.el8sat",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:satellite_utils:6.15::el8",
"cpe:/a:redhat:satellite:6.15::el8",
"cpe:/a:redhat:satellite_maintenance:6.15::el8",
"cpe:/a:redhat:satellite_capsule:6.15::el8"
]
}
]Related
7.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
0.001 Low
EPSS
Percentile
21.7%