Vulnerability Details: CVE-2022-4130
A blind site-to-site request forgery vulnerability was found in Satellite server. It is possible to trigger an external interaction to an attacker's server by modifying the Referer header in an HTTP request of specific resources in the server.
Products affected by CVE-2022-4130
- cpe:2.3:a:redhat:satellite:6.11:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:satellite:6.9:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:satellite:6.10:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-4130
- 0.05%: Probability of exploitation activity in the next 30 days
- ~23%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-4130
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N | 0.9 | 3.6 | NIST | |
References for CVE-2022-4130
- https://bugzilla.redhat.com/show_bug.cgi?id=2145254
  Bug Access Denied. Issue Tracking; Permissions Required; Vendor Advisory