Satellite: arithmetic overflow in satellite
CVE-2023-4320

7.6HIGH

Key Information:

Vendor: Red Hat
Status: Red Hat Satellite 6.15 For Rhel 8
Vendor: CVE Published:; 18 December 2023

🔔 Create Red Hat Vulnerability Alert

What is CVE-2023-4320?

An arithmetic overflow flaw in Red Hat Satellite enables attackers to generate personal access tokens that remain valid indefinitely. This vulnerability compromises the system's integrity by allowing unauthorized access, which can lead to further exploitation of system resources and sensitive information. It is crucial to apply security patches and monitor access token validity to mitigate potential risks.

Affected Version(s)

Red Hat Satellite 6.15 for RHEL 8 0:3.9.1.6-1.el8sat

Red Hat Satellite 6.15 for RHEL 8 0:3.9.1.6-1.el8sat

Red Hat Satellite 6.15 for RHEL 8 0:3.9.1.6-1.el8sat

References

https://access.redhat.com/errata/RHSA-2024:2010

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/security/cve/CVE-2023-4320

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2231814

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 18, 2023
Vulnerability Reserved
Aug 14, 2023

.

CVE-2023-4320 : Satellite: arithmetic overflow in satellite