Bug 2145254 (CVE-2022-4130) - CVE-2022-4130 satellite: Blind SSRF via Referer header
Summary: CVE-2022-4130 satellite: Blind SSRF via Referer header
Keywords:
Status: NEW
Alias: CVE-2022-4130
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
: 2248886 (view as bug list)
Depends On: 2147581 2148136 2148155 2239104 2239105 2239106
Blocks: 2142667
TreeView+ depends on / blocked
 
Reported: 2022-11-23 15:57 UTC by ybuenos
Modified: 2024-02-29 20:34 UTC (History)
10 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A blind site-to-site request forgery vulnerability was found in Satellite server. It is possible to trigger an external interaction to an attacker's server by modifying the Referer header in an HTTP request of specific resources in the server.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2023:6818 0 None None None 2023-11-08 14:16:59 UTC
Red Hat Product Errata RHSA-2024:1061 0 None None None 2024-02-29 20:34:58 UTC

Description ybuenos 2022-11-23 15:57:03 UTC 
Satellite is executing external requests via the Referer header under the /location/clear path. It is possible to trigger an external interaction to an attacker's server, by executing a GET request to /locations/clear and modifying the Referer header to an attacker-controlled server.
Comment 7 errata-xmlrpc 2023-11-08 14:16:58 UTC 
This issue has been addressed in the following products:

  Red Hat Satellite 6.14 for RHEL 8

Via RHSA-2023:6818 https://access.redhat.com/errata/RHSA-2023:6818
Comment 8 Eric Helms 2024-01-12 17:32:19 UTC 
*** Bug 2248886 has been marked as a duplicate of this bug. ***
Comment 9 errata-xmlrpc 2024-02-29 20:34:56 UTC 
This issue has been addressed in the following products:

  Red Hat Satellite 6.13 for RHEL 8

Via RHSA-2024:1061 https://access.redhat.com/errata/RHSA-2024:1061
Note You need to log in before you can comment on or make changes to this bug.