VDB

CISA-2023-4320

CISA-2023-4320 PUBLISHED CVSS 7.6 HIGH

Reported by redhat · Published December 18, 2023

An arithmetic overflow flaw was found in Satellite when creating a new personal access token. This flaw allows an attacker who uses this arithmetic overflow to create personal access tokens that are valid indefinitely, resulting in damage to the system's integrity.

Risk Scores

CVSS 3.1
7.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L

Affected Products

VendorProductVersions
Red HatRed Hat Satellite 6.15 for RHEL 80:3.9.1.6-1.el8sat
Red HatRed Hat Satellite 6.15 for RHEL 80:3.9.1.6-1.el8sat
Red HatRed Hat Satellite 6.15 for RHEL 80:3.9.1.6-1.el8sat
Red HatRed Hat Satellite 6.15 for RHEL 80:3.9.1.6-1.el8sat, 0:3.9.1.6-1.el8sat, 0:3.9.1.6-1.el8sat

Timeline

  • Dec 18, 2023 CVE Published
  • Nov 20, 2025 CVE Updated
  • Apr 26, 2026 Distribution Patch
  • Apr 26, 2026 Security Advisory

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›