CVE-2017-2662
Published 2018-08-22
Priority: P4 · 19 · medium (4.3, CVSS 3.0)
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS: 0.94% (56.4th percentile)
A flaw was found in Foreman's katello plugin version 3.4.5. After setting a new role to allow restricted access on a repository with a filter (filter set on the Product Name), the filter is not respected when the actions are done via hammer using the repository id.
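The bug class behind this advisory is a role filter that is enforced on the search path (resolving a repository by name) but skipped on the direct by-id path, which is what hammer uses when given `--id`. The Ruby below is an added illustration written for this page, not Foreman or Katello code: the `Repository`, `RoleFilter`, `VulnerableRepositoryApi` and `HardenedRepositoryApi` names, the inventory and the ids are all constructed, and the two classes only model the control-flow difference, not Katello's real authorization layer.

```ruby
# Added example, not Foreman/Katello code: a minimal model of the bug class in
# CVE-2017-2662, where a role filter (here on product name) is applied when a
# repository is resolved by search/name but skipped when it is fetched by id.
# All objects, names and ids below are constructed for illustration.

Repository = Struct.new(:id, :name, :product_name)

# Constructed inventory standing in for Katello repositories.
REPOS = [
  Repository.new(1, "rhel-7-server-rpms", "Red Hat Enterprise Linux Server"),
  Repository.new(2, "epel-7",             "EPEL"),
  Repository.new(3, "internal-tools",     "Internal"),
].freeze

# A role filter restricting repository permissions to one product, like the
# "filter set on the Product Name" in the advisory.
RoleFilter = Struct.new(:product_name)

# The search scope: in the vulnerable model this is the only place the
# filter is enforced.
def scoped_repos(repos, filter)
  repos.select { |r| r.product_name == filter.product_name }
end

# Vulnerable model: resolving by name goes through the scoped search, but
# resolving by id (what hammer does with a repository id) goes straight to
# the unscoped collection.
class VulnerableRepositoryApi
  def initialize(repos, filter)
    @repos = repos
    @filter = filter
  end

  def find_by_name(name)
    scoped_repos(@repos, @filter).find { |r| r.name == name }
  end

  def find_by_id(id)
    @repos.find { |r| r.id == id } # authorization scope missing (CWE-862)
  end
end

# Hardened model: every lookup, by name or by id, is resolved inside the
# scope the role filter defines, so an id outside the filter simply does not
# exist for this caller and returns nil instead of the object.
class HardenedRepositoryApi
  def initialize(repos, filter)
    @repos = repos
    @filter = filter
  end

  def find_by_name(name)
    scoped_repos(@repos, @filter).find { |r| r.name == name }
  end

  def find_by_id(id)
    scoped_repos(@repos, @filter).find { |r| r.id == id }
  end
end

# Names reachable through by-id lookups for a given api and list of ids; this
# is the set a reviewer would compare between the two implementations.
def reachable_by_id(api, ids)
  ids.map { |id| api.find_by_id(id) }.compact.map(&:name)
end

if $PROGRAM_NAME == __FILE__
  filter = RoleFilter.new("EPEL")
  puts "vulnerable: #{reachable_by_id(VulnerableRepositoryApi.new(REPOS, filter), [1, 2, 3]).inspect}"
  puts "hardened:   #{reachable_by_id(HardenedRepositoryApi.new(REPOS, filter), [1, 2, 3]).inspect}"
end
```

The practical check on a real instance follows the same shape as the model: give a test user a role whose filter limits repositories to one product, confirm that a repository listing for that user shows only that product's repositories, then ask hammer for a repository from another product by its numeric id. If the by-id request returns the object instead of an authorization error, the installed Katello still has the unscoped by-id path.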
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| katello | katello | >= 0 < 3.17.0.rc1 | 3.17.0.rc1 |
| the_foreman_project | foreman_katello_plugin | — | — |
| theforeman | katello | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.0 | 4.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| nvd | 2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
| vendor_redhat | — | 4.3 | MEDIUM | — |
OSV
osv · 2022-05-13 · CVE-2017-2662 [MEDIUM]
katello Improper Privilege Management vulnerability
Description: identical to the NVD text above.
GHSA
ghsa · 2022-05-13 · CVE-2017-2662 [MEDIUM] · CWE-269 (Improper Privilege Management)
katello Improper Privilege Management vulnerability
Description: identical to the NVD text above.
Red Hat
vendor_redhat · 2017-03-08 · CVE-2017-2662 [MEDIUM] · CVSS 4.3 · CWE-862 (Missing Authorization)
foreman: Managing repositories with their id via hammer does not respect the role filters
Description: identical to the NVD text above.
Package: foreman (Red Hat Ceph Storage 1.3) - Will not fix
No detection rules found.
No public exploits indexed.