CVE-2017-2662
Severity: MEDIUM 4.3 | EPSS: 0.09%
katello Improper Privilege Management vulnerability
Published: 5/13/2022 | Modified: 11/8/2023
Also known as: GHSA-cpv6-pfq6-j2v7
Description
A flaw was found in Foreman's katello plugin, version 3.4.5. After creating a new role that restricts access to a repository with a filter (the filter is set on the Product Name), the filter is not respected when the same actions are performed through hammer (the Foreman CLI) by specifying the repository id rather than its name.
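As an added illustration of the bug class the description names (constructed example code, not Katello's own implementation; the Product, Repository and Role structures, the names and the sample data are all assumptions), the following Ruby shows a role filter that is enforced on a name-based lookup but bypassed when the same object is fetched by id, beside a corrected version that routes both lookups through the filtered scope:

```ruby
# Constructed illustration of the pattern behind CVE-2017-2662: a role's
# filter on Product Name is applied to one lookup path but not another.
# Not Katello code; the structures and data below are assumptions.

Product    = Struct.new(:id, :name)
Repository = Struct.new(:id, :name, :product)
Role       = Struct.new(:name, :product_name_filter)

# Constructed sample data: two products, three repositories.
PRODUCTS = [Product.new(1, "Web Apps"), Product.new(2, "Internal Tools")]
REPOSITORIES = [
  Repository.new(10, "web-rpms", PRODUCTS[0]),
  Repository.new(11, "web-files", PRODUCTS[0]),
  Repository.new(20, "internal-rpms", PRODUCTS[1]),
]

# The role's filter: only repositories whose product name matches are visible.
def allowed_repositories(role)
  REPOSITORIES.select { |r| r.product.name == role.product_name_filter }
end

# Vulnerable pattern: the name-based path consults the filtered scope, but the
# id-based path looks the record up directly and never asks about the role.
def vulnerable_find(role, name: nil, id: nil)
  if id
    REPOSITORIES.find { |r| r.id == id }              # filter bypassed
  else
    allowed_repositories(role).find { |r| r.name == name }
  end
end

# Fixed pattern: every lookup, whether by name or by id, starts from the
# filtered scope, so an id outside the role's products resolves to nothing.
def fixed_find(role, name: nil, id: nil)
  scope = allowed_repositories(role)
  id ? scope.find { |r| r.id == id } : scope.find { |r| r.name == name }
end

# A role restricted to "Web Apps" tries to reach the "Internal Tools" repo.
def demo
  role = Role.new("web-admin", "Web Apps")
  {
    by_name_vuln:   vulnerable_find(role, name: "internal-rpms"), # nil: filtered
    by_id_vuln:     vulnerable_find(role, id: 20),                # leaks repo 20
    by_id_fixed:    fixed_find(role, id: 20),                     # nil: filtered
    by_id_fixed_own: fixed_find(role, id: 10),                    # own repo: ok
  }
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```

The check a practitioner would apply to any similar codebase: for each authorized action, confirm that every identifier the API or CLI accepts (name, id, label, search string) resolves through the same permission-filtered scope, since the filter is only as strong as the path that skips it.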
Affected packages (1)
- RubyGems/katello: from 0, < 3.17.0.rc1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 4.3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
References (6)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2017-2662
- PATCH: https://github.com/Katello/katello
- WEB: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2662
- WEB: https://github.com/Katello/katello/commit/853260e3e9f94179d5881199e7885d1c08e600f6
- WEB: https://github.com/Katello/katello/pull/8772
- WEB: https://projects.theforeman.org/issues/18838