CVE-2022-4130

Advisory lineage Upstream: 0 Downstream: 2

Downstream

RHSA-2023:6818 RHSA-2024:1061

Modified

Published: 16 Dec 2022, 00:00

Last modified:14 Apr 2025, 18:13

Vulnerability Summary

Overall Risk (default)

low

18/100

CVSS Score

4.5 MEDIUM

v3.1 (cve.org)

EPSS Score

0.14% LOW

0% probability +0.02%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

16 Dec 2022, 00:00

Published

Vulnerability first disclosed

14 Apr 2025, 18:13

Last Modified

Vulnerability information updated

Description

A blind site-to-site request forgery vulnerability was found in Satellite server. It is possible to trigger an external interaction to an attacker's server by modifying the Referer header in an HTTP request of specific resources in the server.

CVSS Metrics

v3.1•MEDIUM•Score: 4.5CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N

EPSS Trends

Current EPSS score: 0.14%• Percentile: 34%

Affected Systems

redhat•satellite
6.9 | 6.10 | 6.11

References (1)

https://bugzilla.redhat.com/show_bug.cgi?id=2145254