VDB
CISA-2023-4320
CISA-2023-4320
PUBLISHED
CVSS 7.6 HIGH
Reported by redhat · Published December 18, 2023
An arithmetic overflow flaw was found in Satellite when creating a new personal access token. This flaw allows an attacker who uses this arithmetic overflow to create personal access tokens that are valid indefinitely, resulting in damage to the system's integrity.
Risk Scores
CVSS 3.1
7.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat Satellite 6.15 for RHEL 8 | 0:3.9.1.6-1.el8sat |
| Red Hat | Red Hat Satellite 6.15 for RHEL 8 | 0:3.9.1.6-1.el8sat |
| Red Hat | Red Hat Satellite 6.15 for RHEL 8 | 0:3.9.1.6-1.el8sat |
| Red Hat | Red Hat Satellite 6.15 for RHEL 8 | 0:3.9.1.6-1.el8sat, 0:3.9.1.6-1.el8sat, 0:3.9.1.6-1.el8sat |
Timeline
- Dec 18, 2023 CVE Published
- Nov 20, 2025 CVE Updated
- Apr 26, 2026 Distribution Patch
- Apr 26, 2026 Security Advisory
References
- RHSA-2024:2010 vendor-advisoryx_refsource_REDHAT
- vdb-entryx_refsource_REDHAT
- RHBZ#2231814 issue-trackingx_refsource_REDHAT