A flaw was found in Foreman's katello plugin version 3.4.5. After setting a new role to allow restricted access on a repository with a filter (filter set on the Product Name), the filter is not respected when the actions are done via hammer using the repository id.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2662 | Issue Tracking Third Party Advisory |
https://projects.theforeman.org/issues/18838 | Vendor Advisory |
Configurations
History
12 Feb 2023, 23:29
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
CWE | CWE-862 | |
Summary | A flaw was found in Foreman's katello plugin version 3.4.5. After setting a new role to allow restricted access on a repository with a filter (filter set on the Product Name), the filter is not respected when the actions are done via hammer using the repository id. |
02 Feb 2023, 21:17
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | CVE-2017-2662 foreman: Managing repositories with their id via hammer does not respect the role filters |
Information
Published : 2018-08-22 16:29
Updated : 2023-12-10 12:44
NVD link : CVE-2017-2662
Mitre link : CVE-2017-2662
CVE.ORG link : CVE-2017-2662
JSON object : View
Products Affected
theforeman
- katello