CentOS Linux: CVE-2022-4130: Important: Satellite 6.14 security and bug fix update (CESA-2023:6818)

CentOS Linux: CVE-2022-4130: Important: Satellite 6.14 security and bug fix update (CESA-2023:6818)

Severity

6

CVSS

(AV:N/AC:M/Au:M/C:N/I:C/A:N)

Published

12/16/2022

Created

11/14/2023

Added

11/13/2023

Modified

01/28/2025

Description

A blind site-to-site request forgery vulnerability was found in Satellite server. It is possible to trigger an external interaction to an attacker's server by modifying the Referer header in an HTTP request of specific resources in the server.

Solution(s)

• centos-upgrade-foreman-cli
• centos-upgrade-python39-pulp_manifest
• centos-upgrade-rubygem-amazing_print
• centos-upgrade-rubygem-apipie-bindings
• centos-upgrade-rubygem-clamp
• centos-upgrade-rubygem-domain_name
• centos-upgrade-rubygem-fast_gettext
• centos-upgrade-rubygem-ffi
• centos-upgrade-rubygem-ffi-debuginfo
• centos-upgrade-rubygem-ffi-debugsource
• centos-upgrade-rubygem-foreman_maintain
• centos-upgrade-rubygem-gssapi
• centos-upgrade-rubygem-hammer_cli
• centos-upgrade-rubygem-hammer_cli_foreman
• centos-upgrade-rubygem-hammer_cli_foreman_admin
• centos-upgrade-rubygem-hammer_cli_foreman_ansible
• centos-upgrade-rubygem-hammer_cli_foreman_azure_rm
• centos-upgrade-rubygem-hammer_cli_foreman_bootdisk
• centos-upgrade-rubygem-hammer_cli_foreman_discovery
• centos-upgrade-rubygem-hammer_cli_foreman_google
• centos-upgrade-rubygem-hammer_cli_foreman_openscap
• centos-upgrade-rubygem-hammer_cli_foreman_remote_execution
• centos-upgrade-rubygem-hammer_cli_foreman_tasks
• centos-upgrade-rubygem-hammer_cli_foreman_templates
• centos-upgrade-rubygem-hammer_cli_foreman_virt_who_configure
• centos-upgrade-rubygem-hammer_cli_foreman_webhooks
• centos-upgrade-rubygem-hammer_cli_katello
• centos-upgrade-rubygem-hashie
• centos-upgrade-rubygem-highline
• centos-upgrade-rubygem-http-accept
• centos-upgrade-rubygem-http-cookie
• centos-upgrade-rubygem-jwt
• centos-upgrade-rubygem-little-plugger
• centos-upgrade-rubygem-locale
• centos-upgrade-rubygem-logging
• centos-upgrade-rubygem-mime-types
• centos-upgrade-rubygem-mime-types-data
• centos-upgrade-rubygem-multi_json
• centos-upgrade-rubygem-netrc
• centos-upgrade-rubygem-oauth
• centos-upgrade-rubygem-oauth-tty
• centos-upgrade-rubygem-powerbar
• centos-upgrade-rubygem-rest-client
• centos-upgrade-rubygem-snaky_hash
• centos-upgrade-rubygem-unf
• centos-upgrade-rubygem-unf_ext
• centos-upgrade-rubygem-unf_ext-debuginfo
• centos-upgrade-rubygem-unf_ext-debugsource
• centos-upgrade-rubygem-unicode
• centos-upgrade-rubygem-unicode-debuginfo
• centos-upgrade-rubygem-unicode-debugsource
• centos-upgrade-rubygem-unicode-display_width
• centos-upgrade-rubygem-version_gem
• centos-upgrade-satellite
• centos-upgrade-satellite-branding
• centos-upgrade-satellite-cli
• centos-upgrade-satellite-clone
• centos-upgrade-satellite-maintain

References

• CVE-2022-4130