CVE-2017-2662
MEDIUM 4.3, EPSS 0.09%
katello Improper Privilege Management vulnerability
Published: 2022/5/13
Modified: 2023/11/8
Description
A flaw was found in Foreman's katello plugin version 3.4.5. After setting a new role to allow restricted access on a repository with a filter (filter set on the Product Name), the filter is not respected when the actions are done via hammer using the repository id.
Affected packages (1)
- RubyGems/katello: from 0, < 3.17.0.rc1
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 4.3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
References (6)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2017-2662
- PATCH: https://github.com/Katello/katello
- WEB: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2662
- WEB: https://github.com/Katello/katello/commit/853260e3e9f94179d5881199e7885d1c08e600f6
- WEB: https://github.com/Katello/katello/pull/8772
- WEB: https://projects.theforeman.org/issues/18838