CVE-2023-4320

Name: CVE-2023-4320
Description: An arithmetic overflow flaw was found in Satellite when creating a new personal access token. This flaw allows an attacker who uses this arithmetic overflow to create personal access tokens that are valid indefinitely, resulting in damage to the system's integrity.
NVD Severity: unknown

References

Type | URI
secalert@redhat.com | https://access.redhat.com/security/cve/CVE-2023-4320
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2231814
secalert@redhat.com | https://access.redhat.com/errata/RHSA-2024:2010

Match rules

CPE URI | Source package | Min version | Max version
cpe:2.3:a:redhat:satellite:*:*:*:*:*:*:*:* | satellite | >= None | < 6.13

Vulnerable and fixed packages

Source package | Branch | Version | Maintainer | Status
satellite | edge-community | 1.0.0-r38 | Pedro Lucas Porcellis <porcellis@eletrotupi.com> | possibly vulnerable
satellite | edge-community | 1.0.0-r37 | Pedro Lucas Porcellis <porcellis@eletrotupi.com> | possibly vulnerable
satellite | edge-community | 1.0.0-r36 | Pedro Lucas Porcellis <porcellis@eletrotupi.com> | possibly vulnerable