CVE-2023-4320 HIGH

CVE-2023-4320: Satellite: arithmetic overflow in satellite

Weakness CWE-613 · Insufficient session expiration
Published December 18, 2023
Last update November 20, 2025

CVSS base score

7.6/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L

What the vulnerability does

01 Description

An arithmetic overflow flaw was found in Satellite when creating a new personal access token. An attacker who triggers this overflow can create personal access tokens that are valid indefinitely, resulting in damage to the system's integrity.

Key dates

02 Disclosure timeline

December 18, 2023 CVE published
November 20, 2025 Record updated