CVE-2017-2662

CWE-862Missing AuthorizationCWE-269Improper Privilege Management6 documents6 sources
Severity
4.3MEDIUM
EPSS
0.1%
top 75.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
THE Foreman Project Foreman Katello PluginTheforeman Katello
Timeline
PublishedAug 22
Latest updateMay 13

Description

A flaw was found in Foreman's katello plugin version 3.4.5. After setting a new role to allow restricted access on a repository with a filter (filter set on the Product Name), the filter is not respected when the actions are done via hammer using the repository id.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

RubyGemskatello< 3.17.0.rc1

🔴Vulnerability Details

3
OSV
katello Improper Privilege Management vulnerability2022-05-13
GHSA
katello Improper Privilege Management vulnerability2022-05-13
CVEList
CVE-2017-2662: A flaw was found in Foreman's katello plugin version 32018-08-22

📋Vendor Advisories

1
Red Hat
foreman: Managing repositories with their id via hammer does not respect the role filters2017-03-08

💬Community

1
Bugzilla
CVE-2017-2662 foreman: Managing repositories with their id via hammer does not respect the role filters2017-03-20
CVE-2017-2662 (MEDIUM CVSS 4.3) | A flaw was found in Foreman's katel | cvebase.io