cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-7923,https://securityvulnerability.io/vulnerability/CVE-2024-7923,Pulpcore Authentication Bypass Vulnerability Affects Satellite Deployments,"An authentication bypass vulnerability has been identified in Pulpcore, particularly affecting deployments running with Gunicorn versions prior to 22.0. This vulnerability is caused by the puppet-pulpcore configuration and Apache's mod_proxy failing to properly unset headers, which restricts underscores in HTTP headers. As a result, unauthorized users can exploit this flaw to gain administrative access to systems. The issue impacts all active Satellite deployments (versions 6.13, 6.14, and 6.15) that utilize Pulpcore version 3.0 and above. Organizations using these systems are strongly advised to review their configurations and implement necessary security measures.",Red Hat,"Red Hat Satellite 6.13 For Rhel 8,Red Hat Satellite 6.14 For Rhel 8,Red Hat Satellite 6.15 For Rhel 8",9.8,CRITICAL,0.0012400000123307109,false,,false,false,false,,,false,false,,2024-09-04T14:15:00.000Z,0
CVE-2023-4320,https://securityvulnerability.io/vulnerability/CVE-2023-4320,Satellite: arithmetic overflow in satellite,"An arithmetic overflow flaw in Red Hat Satellite enables attackers to generate personal access tokens that remain valid indefinitely. This vulnerability compromises the system's integrity by allowing unauthorized access, which can lead to further exploitation of system resources and sensitive information. It is crucial to apply security patches and monitor access token validity to mitigate potential risks.",Red Hat,Red Hat Satellite 6.15 For Rhel 8,7.6,HIGH,0.0008099999977275729,false,,false,false,false,,,false,false,,2023-12-18T14:15:00.000Z,0
CVE-2023-5189,https://securityvulnerability.io/vulnerability/CVE-2023-5189,Hub: insecure galaxy-importer tarfile extraction,"A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being overwritten.",Red Hat,"Red Hat Ansible Automation Platform 2.4 For Rhel 8,Red Hat Ansible Automation Platform 2.4 For Rhel 9,Red Hat Satellite 6.14 For Rhel 8,Red Hat Satellite 6.15 For Rhel 8",6.5,MEDIUM,0.001290000043809414,false,,false,false,false,,,false,false,,2023-11-14T23:15:00.000Z,0