CVE-2023-4320

Sažetak

An arithmetic overflow flaw was found in Satellite when creating a new personal access token. This flaw allows an attacker who uses this arithmetic overflow to create personal access tokens that are valid indefinitely, resulting in damage to the system's integrity.

Reference

https://access.redhat.com/errata/RHSA-2024:2010
https://access.redhat.com/security/cve/CVE-2023-4320
https://bugzilla.redhat.com/show_bug.cgi?id=2231814

CVSS

Base:	7.5
Impact:	3.6
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	HIGH	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Zadnje važnije ažuriranje

25-04-2024 - 14:15

Objavljeno

18-12-2023 - 14:15