PT-2018-7165 · Foreman · Katello Plugin
Published: 2018-08-22 · Updated: 2023-02-12 · CVE-2017-2662
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
Foreman's katello plugin version 3.4.5
Description:
A flaw was found in Foreman's katello plugin. The issue occurs when a new role is set to allow restricted access on a repository with a filter, specifically a filter set on the Product Name. In this scenario, the filter is not respected when actions are performed via hammer using the repository id.
Recommendations:
For Foreman's katello plugin version 3.4.5, consider restricting access to the repository id in hammer until a fix is available. As a temporary workaround, avoid using the repository id in hammer for actions related to repositories with filters set on the Product Name.
Fix
Missing Authorization
Improper Privilege Management
Affected Products
Foreman
Katello Plugin