Bug 2145254 (CVE-2022-4130) - CVE-2022-4130 satellite: Blind SSRF via Referer header
Summary: CVE-2022-4130 satellite: Blind SSRF via Referer header
Keywords:
Status: NEW
Alias: CVE-2022-4130
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
: 2248886 (view as bug list)
Depends On: 2147581 2148136 2148155 2239104 2239105 2239106
Blocks: 2142667
TreeView+ depends on / blocked
 
Reported: 2022-11-23 15:57 UTC by ybuenos
Modified: 2024-02-29 20:34 UTC (History)
10 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2023:6818 0 None None None 2023-11-08 14:16:59 UTC
Red Hat Product Errata RHSA-2024:1061 0 None None None 2024-02-29 20:34:58 UTC

Description ybuenos 2022-11-23 15:57:03 UTC 
Satellite is executing external requests via the Referer header under the /location/clear path. It is possible to trigger an external interaction to an attacker's server, by executing a GET request to /locations/clear and modifying the Referer header to an attacker-controlled server.
Comment 7 errata-xmlrpc 2023-11-08 14:16:58 UTC 
This issue has been addressed in the following products:

  Red Hat Satellite 6.14 for RHEL 8

Via RHSA-2023:6818 https://access.redhat.com/errata/RHSA-2023:6818
Comment 8 Eric Helms 2024-01-12 17:32:19 UTC 
*** Bug 2248886 has been marked as a duplicate of this bug. ***
Comment 9 errata-xmlrpc 2024-02-29 20:34:56 UTC 
This issue has been addressed in the following products:

  Red Hat Satellite 6.13 for RHEL 8

Via RHSA-2024:1061 https://access.redhat.com/errata/RHSA-2024:1061
Note You need to log in before you can comment on or make changes to this bug.