Overview
- Description
- A blind site-to-site request forgery vulnerability was found in Satellite server. It is possible to trigger an external interaction to an attacker's server by modifying the Referer header in an HTTP request of specific resources in the server.
- Source
- secalert@redhat.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 4.5
- Impact score
- 3.6
- Exploitability score
- 0.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N
- Severity
- MEDIUM
Weaknesses
- nvd@nist.gov
- NVD-CWE-noinfo
Configurations
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:redhat:satellite:6.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "80276170-A9E8-4C26-9373-59E1914C88DD"
          },
          {
            "criteria": "cpe:2.3:a:redhat:satellite:6.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "590BA9E2-A8D2-4545-9048-02D4ECE28B35"
          },
          {
            "criteria": "cpe:2.3:a:redhat:satellite:6.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FBF6E338-61C0-4A95-8AC7-F826F68612D0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]