RHSA-2023:5979
Advisory lineage Upstream: 9 Downstream: 0
Published: 02 Oct 2024, 11:23
Last modified:04 Jun 2026, 10:02
Vulnerability Summary
Overall Risk (default)
high
70/100 CVSS Score
9.1 CRITICAL
3.1 (osv_red_hat)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
02 Oct 2024, 11:23
Published
Vulnerability first disclosed
04 Jun 2026, 10:02
Last Modified
Vulnerability information updated
Description
Red Hat Security Advisory: Satellite 6.12.5.2 Async Security Update
CVSS Metrics
- v3.1•CRITICAL•Score: 9.1CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Affected Systems
- redhat•foreman
< 0:3.3.0.23-1.el8sat
- redhat•puppet-agent
< 0:7.26.0-3.el8sat
- redhat•rubygem-git
< 0:1.18.0-1.el8sat
- redhat•rubygem-safemode
< 0:1.3.8-1.el8sat
- redhat•yggdrasil-worker-forwarder
< 0:0.0.3-1.el8sat
References (50)
- https://access.redhat.com/errata/RHSA-2023:5979
- https://access.redhat.com/security/updates/classification/#important
- https://access.redhat.com/documentation/en-us/red_hat_satellite/6.12/html/upgrading_and_updating_red_hat_satellite/index
- https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
- https://bugzilla.redhat.com/show_bug.cgi?id=2081494
- https://bugzilla.redhat.com/show_bug.cgi?id=2097310
- https://bugzilla.redhat.com/show_bug.cgi?id=2140577
- https://bugzilla.redhat.com/show_bug.cgi?id=2159291
- https://bugzilla.redhat.com/show_bug.cgi?id=2159672
- https://bugzilla.redhat.com/show_bug.cgi?id=2162970
- https://bugzilla.redhat.com/show_bug.cgi?id=2169385
- https://bugzilla.redhat.com/show_bug.cgi?id=2242803
- https://bugzilla.redhat.com/show_bug.cgi?id=2243296
- https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5979.json
- https://access.redhat.com/security/cve/CVE-2022-1292
- https://www.cve.org/CVERecord?id=CVE-2022-1292
- https://nvd.nist.gov/vuln/detail/CVE-2022-1292
- https://www.openssl.org/news/secadv/20220503.txt
- https://access.redhat.com/security/cve/CVE-2022-2068
- https://www.cve.org/CVERecord?id=CVE-2022-2068
- https://nvd.nist.gov/vuln/detail/CVE-2022-2068
- https://www.openssl.org/news/secadv/20220621.txt
- https://access.redhat.com/security/cve/CVE-2022-3874
- https://www.cve.org/CVERecord?id=CVE-2022-3874
- https://nvd.nist.gov/vuln/detail/CVE-2022-3874
- https://access.redhat.com/security/cve/CVE-2022-46648
- https://www.cve.org/CVERecord?id=CVE-2022-46648
- https://nvd.nist.gov/vuln/detail/CVE-2022-46648
- https://jvn.jp/en/jp/JVN16765254/
- https://access.redhat.com/security/cve/CVE-2022-47318
- https://www.cve.org/CVERecord?id=CVE-2022-47318
- https://nvd.nist.gov/vuln/detail/CVE-2022-47318
- https://access.redhat.com/security/cve/CVE-2023-0118
- https://www.cve.org/CVERecord?id=CVE-2023-0118
- https://nvd.nist.gov/vuln/detail/CVE-2023-0118
- https://access.redhat.com/security/cve/CVE-2023-0462
- https://www.cve.org/CVERecord?id=CVE-2023-0462
- https://nvd.nist.gov/vuln/detail/CVE-2023-0462
- https://access.redhat.com/security/cve/CVE-2023-39325
- https://www.cve.org/CVERecord?id=CVE-2023-39325
- https://nvd.nist.gov/vuln/detail/CVE-2023-39325
- https://access.redhat.com/security/cve/CVE-2023-44487
- https://go.dev/issue/63417
- https://pkg.go.dev/vuln/GO-2023-2102
- https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487
- https://www.cve.org/CVERecord?id=CVE-2023-44487
- https://nvd.nist.gov/vuln/detail/CVE-2023-44487
- https://github.com/dotnet/announcements/issues/277
- https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog