From 4a709dc175cc2eefda86ffec143f63a12ba475fa Mon Sep 17 00:00:00 2001 From: "Eric D. Helms" Date: Tue, 26 Sep 2023 12:33:32 -0400 Subject: [PATCH] Add CVE-2022-4130 --- security.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/security.md b/security.md index 2bdf352866..fa176b47c5 100644 --- a/security.md +++ b/security.md @@ -15,6 +15,7 @@ The policy of the project is to treat all newly reported issues as private, and All security advisories made for Foreman are listed below with their corresponding [CVE identifier](https://cve.mitre.org/). +* [CVE-2022-4130: Blind SSRF via Referer header](security.html#2022-4130) * [CVE-2022-3874: OS command injection via ct_command and fcct_command](security.html#2022-3874) * [CVE-2021-3584: Remote code execution through Sendmail configuration](security.html#2021-3584) * [CVE-2021-20256: BMC controller credential leak via API](security.html#2021-20256) @@ -88,6 +89,15 @@ All security advisories made for Foreman are listed below with their correspondi ### Disclosure details +#### CVE-2022-4130: Blind SSRF via Referer header + +A blind site-to-site request forgery vulnerability was found in Satellite server. +It is possible to trigger an external interaction to an attacker's server by modifying the Referer header in an HTTP request of specific resources in the server. + +* Affects Foreman +* Fix released in Foreman 3.8.0 +* Redmine issue [#36768](https://projects.theforeman.org/issues/36768) + #### CVE-2022-3874: OS command injection via ct_command and fcct_command `ct_command` and `fcct_command` settings, available via Administer - Settings, both accept arbitrary
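Review bot: In the first hunk, the new list entry links to `security.html#2022-4130`, so the anchor only resolves if the heading added further down in `### Disclosure details` produces the id `2022-4130`; please confirm the site generator derives ids that way for the existing entries (e.g. `security.html#2022-3874`) before merging, since a broken anchor on an advisory index is easy to miss. Placing the entry above CVE-2022-3874 is consistent with the descending order of the surrounding list.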
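Review bot: In the second hunk, the first sentence of the new advisory expands SSRF as "blind site-to-site request forgery"; SSRF is server-side request forgery, so suggest "A blind server-side request forgery (SSRF) vulnerability was found in Foreman." That also fixes the inconsistency between "was found in Satellite server" and the bullet "Affects Foreman": the advisory is for Foreman, so name Foreman in the description. Two smaller points: "trigger an external interaction to an attacker's server" would be clearer as "cause the server to make an outbound HTTP request to an attacker-controlled host", and the entry states the fix version (3.8.0) but not which releases are affected, which readers of this list use to decide whether they need to upgrade.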