RHSA-2023:6818 | High | CVSS 9.8

Red Hat Security Advisory: Satellite 6.14 security and bug fix update

Published: November 8, 2023
Last Modified: May 23, 2026

🔗 CVE IDs covered (32)

📋 Description

CVE-2022-0759 — kubeclient: kubeconfig parsing error can lead to MITM attacks
CVE-2022-1292 — openssl: c_rehash script allows command injection
CVE-2022-2068 — openssl: the c_rehash script allows command injection
CVE-2022-3644 — Pulp: Tokens stored in plaintext
CVE-2022-3874 — foreman: OS command injection via ct_command and fcct_command
CVE-2022-4130 — satellite: Blind SSRF via Referer header
CVE-2022-40899 — python-future: remote attackers can cause denial of service via crafted Set-Cookie header from malicious web server
CVE-2022-41717 — golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests
CVE-2022-44566 — rubygem-activerecord: Denial of Service
CVE-2022-44570 — rubygem-rack: denial of service in Content-Disposition parsing
CVE-2022-44571 — rubygem-rack: denial of service in Content-Disposition parsing
CVE-2022-44572 — rubygem-rack: denial of service in Content-Disposition parsing
CVE-2022-46648 — ruby-git: code injection vulnerability
CVE-2022-47318 — ruby-git: code injection vulnerability
CVE-2023-0118 — Foreman: Arbitrary code execution through templates
CVE-2023-0119 — Foreman: Stored cross-site scripting in host tab
CVE-2023-1894 — puppet: Puppet Server ReDoS
CVE-2023-22792 — rubygem-actionpack: Denial of Service in Action Dispatch
CVE-2023-22794 — rubygem-activerecord: SQL Injection
CVE-2023-22795 — rubygem-actionpack: Denial of Service in Action Dispatch
CVE-2023-22796 — rubygem-activesupport: Regular Expression Denial of Service
CVE-2023-22799 — rubygem-globalid: ReDoS vulnerability
CVE-2023-27530 — rubygem-rack: Denial of service in Multipart MIME parsing
CVE-2023-27539 — rubygem-rack: denial of service in header parsing
CVE-2023-29406 — golang: net/http: insufficient sanitization of Host header
CVE-2023-30608 — sqlparse: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service)
CVE-2023-31047 — python-django: Potential bypass of validation when uploading multiple files using one form field
CVE-2023-32681 — python-requests: Unintended leak of Proxy-Authorization header
CVE-2023-36053 — python-django: Potential regular expression denial of service vulnerability in EmailValidator/URLValidator
CVE-2023-39325 — golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)
CVE-2023-40267 — GitPython: Insecure non-multi options in clone and clone_from is not blocked
CVE-2023-44487 — HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)

🔗 References (290)