CVE-2017-2662

A flaw was found in Foreman's katello plugin version 3.4.5. After setting a new role to allow restricted access on a repository with a filter (filter set on the Product Name), the filter is not respected when the actions are done via hammer using the repository id.

Published: Aug 22, 2018
Updated: May 9, 2024
CVE: CVE-2017-2662
GHSA: GHSA-cpv6-pfq6-j2v7
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.3
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:P/I:N/A:N

CWEs:

CWE-862
CWE-269

Affected Software
References

Software	From	Fixed in
theforeman / katello	3.4.5	3.4.5.x
katello	-	3.17.0.rc1

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2662
https://github.com/Katello/katello/commit/853260e3e9f94179d5881199e7885d1c08e600f6
https://github.com/Katello/katello/pull/8772
https://projects.theforeman.org/issues/18838

Vulnerability Database

289,599

CVE-2017-2662