Bug 2145254 (CVE-2022-4130)

Summary: CVE-2022-4130 satellite: Blind SSRF via Referer header
Product: [Other] Security Response
Reporter: ybuenos
Component: vulnerability
Assignee: Nobody <nobody>
Status: NEW
Severity: medium
Priority: medium
Version: unspecified
CC: bbuckingham, bcourt, ehelms, jsherril, lzap, mhulan, nmoumoul, orabin, pcreech, rchan
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Doc Type: If docs needed, set a value
Doc Text:
A blind server-side request forgery (SSRF) vulnerability was found in Satellite server. It is possible to trigger an outbound request from the server to an attacker-controlled host by modifying the Referer header of an HTTP request for specific resources on the server.
Story Points: ---
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Category: ---
oVirt Team: ---
Cloudforms Team: ---
Bug Depends On: 2147581, 2148136, 2148155, 2239104, 2239105, 2239106
Bug Blocks: 2142667

Description ybuenos 2022-11-23 15:57:03 UTC
Satellite is executing external requests via the Referer header under the /locations/clear path. It is possible to trigger an external interaction to an attacker's server by executing a GET request to /locations/clear and modifying the Referer header to an attacker-controlled server.
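As an added illustration (not Foreman/Satellite code and not the shipped fix), the Ruby below shows the defensive pattern the bug calls for: only honour a Referer that points at the application's own host before using it as a redirect-back target, and flag access-log entries for /locations/clear whose Referer is off-site. The allowed host, the log format and the log lines are constructed assumptions.

```ruby
require 'uri'

# Hosts the application is legitimately served from (assumed configuration).
ALLOWED_HOSTS = ['satellite.example.com'].freeze

# True only for an absolute http(s) Referer whose host is one of ours.
# Scheme-less forms such as "//evil.example/x" fail the scheme check.
def onsite_referer?(referer)
  return false if referer.nil? || referer.strip.empty?
  uri = URI.parse(referer.strip)
  %w[http https].include?(uri.scheme) && ALLOWED_HOSTS.include?(uri.host.to_s.downcase)
rescue URI::InvalidURIError
  false
end

# Path to send the client back to: the Referer's own path and query when it is
# on-site, otherwise the fallback. Never returns an absolute URL, so a spoofed
# Referer cannot steer the redirect or any follow-up request off-site.
def safe_return_path(referer, fallback: '/')
  return fallback unless onsite_referer?(referer)
  URI.parse(referer.strip).request_uri
end

# Constructed Apache combined-format access log lines (not real data).
SAMPLE_LOG = <<~LOG
  10.0.0.5 - - [23/Nov/2022:15:57:03 +0000] "GET /locations/clear HTTP/1.1" 302 - "https://satellite.example.com/locations" "Mozilla/5.0"
  10.0.0.9 - - [23/Nov/2022:15:58:10 +0000] "GET /locations/clear HTTP/1.1" 302 - "http://attacker.example/probe" "curl/7.76"
  10.0.0.9 - - [23/Nov/2022:15:58:11 +0000] "GET /hosts HTTP/1.1" 200 - "http://attacker.example/probe" "curl/7.76"
LOG

LOG_RE = /\A(?<ip>\S+) \S+ \S+ \[(?<time>[^\]]+)\] "(?<method>\S+) (?<path>\S+) [^"]*" (?<status>\d+) \S+ "(?<referer>[^"]*)" "(?<ua>[^"]*)"/

# Returns one hash per request to the affected path whose Referer is present
# but points off-site; a missing Referer is normal and is not reported.
def suspicious_referer_requests(log, path: '/locations/clear')
  log.each_line.filter_map do |line|
    m = LOG_RE.match(line.strip) or next
    next unless m[:path] == path
    next if m[:referer].empty? || onsite_referer?(m[:referer])
    { ip: m[:ip], time: m[:time], referer: m[:referer] }
  end
end

suspicious_referer_requests(SAMPLE_LOG).each { |hit| puts hit.inspect }
```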

Comment 7 errata-xmlrpc 2023-11-08 14:16:58 UTC
This issue has been addressed in the following products:

  Red Hat Satellite 6.14 for RHEL 8

Via RHSA-2023:6818 https://access.redhat.com/errata/RHSA-2023:6818

Comment 8 Eric Helms 2024-01-12 17:32:19 UTC
*** Bug 2248886 has been marked as a duplicate of this bug. ***

Comment 9 errata-xmlrpc 2024-02-29 20:34:56 UTC
This issue has been addressed in the following products:

  Red Hat Satellite 6.13 for RHEL 8

Via RHSA-2024:1061 https://access.redhat.com/errata/RHSA-2024:1061